Explaining Phishing to Newbies (Demonstrated by a Facebook Phishing Hack)
What is phishing?
In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular
Basic Concept of Phishing:-
Recently I posted a tutorial on how to do tab napping and discussed the use of phishing pages there. So I am demonstrating how phishing is done, to make you all aware of it. I will show you a Facebook phishing page and the method used to make such a page. The hacker makes an exact copy of the login page of Facebook, Orkut, Yahoo, MSN or any bank site, then uses a script to get the username and password and embeds that script in the form of the login field. First of all download the facebook phishing page here :
Download (after clicking this link, skip the ad from the top-right corner)
Update: If a password is asked for to open the RAR, the password is secret_hacking
So! The basic scheme of phishing is demonstrated by pictures, using the original Facebook login page. See the pic below:
What hackers do is copy all the source code of the Facebook phishing page and replace this URL with their own exploit. I have given this exploit the name write.php in the download package. So, it will become as below:
Here is a screenshot of "write.php":
How to make this process possible-(Step by Step guide for phishing):-
1. First of all you will need a
2. Now, you will upload the Index.php and write.php to your website. Both are in the download package.
For uploading use Filezilla. I too like this open source software for handling FTP servers.
4. Now! Both files are uploaded and you have to send your hosting or fake
5. The victim opens the page, thinks that it's a real Facebook page and logs in there. So his keystrokes will be recorded on your hosting in a .txt file. In my script I specified that its name is password.txt. You may change it.
6. Another trick for sending the URL is email spoofing. (Read the detailed article on email spoofing here.) In email spoofing you can hyperlink your phishing page link with facebook.com and then, by using social engineering, you excite the victim into logging in below to earn instant dollars, or else their account will be deleted, blah blah!
How to remain safe from phishing attacks:-
The main help is your eye. Keep an eye on the browser address bar and check whether there is a URL like www.facebook.t35.com or www.facebook.110mb.com or www.fakefb.110.mb etc.
Use an updated version of your browser and it will detect the phishing script.
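The address-bar check above can be automated, for example in a mail filter or link scanner. The following is an added example, not code from the original post or its download package: it parses a URL and reports whether the hostname really ends in the trusted domain or only contains the brand name. The names `TRUSTED_DOMAIN`, `BRAND_LABEL`, `hostname_of` and `classify` are assumptions chosen for illustration, and the sample URLs are the ones named in this post plus a few constructed ones.

```python
from urllib.parse import urlsplit

# Assumptions for this example: the one domain treated as genuine,
# and the brand word that lookalike hosts tend to reuse.
TRUSTED_DOMAIN = "facebook.com"
BRAND_LABEL = "facebook"


def hostname_of(url: str) -> str:
    """Return the lower-cased hostname, also for URLs written without a scheme."""
    if "://" not in url:
        url = "//" + url  # makes urlsplit read the text as a network location
    host = urlsplit(url).hostname or ""
    return host.rstrip(".")


def classify(url: str, trusted: str = TRUSTED_DOMAIN, brand: str = BRAND_LABEL) -> str:
    """Return 'genuine', 'lookalike', 'other' or 'invalid' for a URL."""
    host = hostname_of(url)
    if not host:
        return "invalid"
    # Genuine only if the host IS the trusted domain or ends in ".<trusted>".
    # The leading dot matters: "notfacebook.com" must not pass.
    if host == trusted or host.endswith("." + trusted):
        return "genuine"
    # The brand word appears, but the name ends in somebody else's domain.
    if brand in host:
        return "lookalike"
    # Not the trusted site; may still be hostile (e.g. an abbreviated brand).
    return "other"


if __name__ == "__main__":
    samples = [  # hosts named in the post plus constructed examples
        "https://www.facebook.com/login.php",
        "www.facebook.t35.com",
        "www.facebook.110mb.com",
        "www.fakefb.110.mb",
        "http://notfacebook.com/",
    ]
    for s in samples:
        print(f"{classify(s):10} {s}")
```

Only the `genuine` result means the login form belongs to the real site; `other` just means the brand word is absent, as with www.fakefb.110.mb.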
Thanks To HackingArts.in