Hello, friends. About 6 years back I learnt ethical hacking from a training center and spent a big amount of money. I have a little knowledge of hacking. So, I have decided to share my hacking knowledge with experts to learn more details about hacking.
What Is Phishing?
Phishing is a technique used to steal the user ID and password of Gmail, Yahoo, Facebook, Twitter, Payza, PayPal or any other account. A fake page looks like the original; the only difference lies in the METHOD and ACTION codes. On the original web page you are directed to that website's database, but on a fake page you are directed to a program that writes a log file containing the user's username and password. On the fake page, the form's method and action direct you to a PHP program that writes the log and simultaneously redirects to the original website, copying the username into the username field of the original website, which shows that you have entered a wrong password; when you enter the password again, you are logged in to the original website. So the user never knows that the account has been hacked and only thinks that a wrong password was entered. Before creating a phishing page, first of all think like a hacker. That means: do you know what these pages look like?
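Seen from the defending side, that difference in the form's METHOD and ACTION is what gives a cloned login page away. The following Python is an added example, not code from the original post: it flags password forms whose action resolves to a host outside a trusted list. The function names, the trusted host list, and the sample markup and URLs are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class LoginFormAudit(HTMLParser):
    """Collect (method, action) for every <form> that contains a password input."""

    def __init__(self):
        super().__init__()
        self._current = None          # attributes of the form currently being parsed
        self._has_password = False
        self.login_forms = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = a
            self._has_password = False
        elif tag == "input" and self._current is not None:
            if (a.get("type") or "").lower() == "password":
                self._has_password = True

    def handle_endtag(self, tag):
        if tag == "form" and self._current is not None:
            if self._has_password:
                method = (self._current.get("method") or "get").lower()
                self.login_forms.append((method, self._current.get("action") or ""))
            self._current = None


def suspicious_login_forms(html, page_url, trusted_hosts):
    """Return findings for password forms that submit credentials to an untrusted host."""
    audit = LoginFormAudit()
    audit.feed(html)
    audit.close()
    findings = []
    for method, action in audit.login_forms:
        target = urljoin(page_url, action)   # relative or empty actions resolve against the page
        host = (urlparse(target).hostname or "").lower()
        if host not in trusted_hosts:
            findings.append({"method": method, "target": target, "host": host})
    return findings


# Constructed samples: similar login markup served from two different origins.
TRUSTED = {"accounts.google.com"}     # assumed allow-list for this example
GENUINE = '<form method="post" action="/signin"><input type="password" name="p"></form>'
CLONE = ('<form method="POST" action="mail.php"><input type="email" name="u">'
         '<input type="password" name="p"></form>')
```

Because a relative action such as `mail.php` resolves against the page's own URL, the check catches a clone even when the markup is otherwise identical to the genuine page.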
Requirements to create a page:
- Phishing page for Gmail Website (or any other).
- A Free web hosting server to upload these fake pages.
- An Email account for sending mails. (Create one fake email account).
- HTML format mail that has to be sent to user.
Note: By using this I have hacked more than 20+ accounts (with my friends) of Gmail, Facebook, etc. This tutorial is for educational purposes; we (www.ismtechbd.com) are not responsible if you have misused it. I didn’t do that.
SOME INFORMATION TO HACK GMAIL ACCOUNT
- Download the phishing pages (fake pages for Gmail), available on the internet. (You can create any page that you want. Just open the page that you want to create a fake page of, right-click on the web page and select View Source, then copy all the code, paste it into Notepad and save it as e.g. gmail.html.)
- Now open the Gmail folder. In this folder you will see three files namely:
Gmail.html is the phishing page that looks like the original Gmail page. When the user enters his credentials, i.e. username and password, he is redirected to the mail.php file, which writes the username and password to the log file and simultaneously redirects the user to the original website, which shows that a wrong password was entered.
Now you have to create an account on a free web hosting website. The following are the web hosting sites. Log in to any one of the websites.
Now log in to your hosting account and upload the above 3 files. Once you have uploaded the files in the web hosting directory.
Now we have our link that we will send to the user. How will we send the link to the user? Open the fake email account that you have created. Click on Compose mail and in Subject enter “Gmail : Please Verify your Gmail Account”. And in the body write something like: we have seen illegal activity from your account. please verify your account within 24 hrs. We have to lock your email account. For verifying visit here www.gmail.com, and hyperlink your fake mail address and send it to the user.
Now wait until the user enters his credentials (this depends on how fast the user reacts to the email). Once the user logs in to his Gmail account using your Phisher, his user ID and password are ours, and these are stored in log.txt. What you have to do is just refresh your web hosting account files. The Log.txt file will contain the passwords and look like this.