Thursday, 28 February 2013

Phishing (Fake Login Page) Attack



# What is Phishing?
     Phishing is an attack that uses a fake login page, designed by an attacker, to steal a victim's personal information. A phishing page looks the same as the original page of a website or social networking site.

How does phishing work?
       As described above, phishing relies on a fake login page that is designed to look the same as the original page in order to steal the victim's personal information (e.g. ID, password, e-mail, contacts, credit card details).
An attacker creates a fake login page and hosts it on a free web hosting site, then sends the link to the fake page to the victim. When the victim enters personal information such as an e-mail ID or password, the victim's e-mail and password are stolen.

How to prevent phishing attacks and protect yourself?
      It is easy to detect a phishing page.
      1. Use a good antivirus and update it daily.
      2. Check the URL before logging in to any website.
      4. Beware of e-mail spoofers.
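
The "check the URL" advice above can be automated. The following is an added example, not part of the original post: it flags the URL properties that distinguish a fake login page from the real one. The trusted-domain and shortener lists and the `.example` hosts are assumptions chosen for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed lists: sites the user really logs in to, and common link shorteners.
TRUSTED_LOGIN_DOMAINS = {"facebook.com", "gmail.com"}
SHORTENERS = {"goo.gl", "bit.ly", "tinyurl.com"}

def check_login_url(url, trusted=TRUSTED_LOGIN_DOMAINS):
    """Return reasons not to enter credentials at this URL (empty list = no finding)."""
    findings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme != "https":
        findings.append("not-https")
    if parts.username or parts.password:
        # "https://real-site@other-host/": the real host is what follows the "@"
        findings.append("userinfo-in-url")
    try:
        ipaddress.ip_address(host)
        findings.append("ip-literal-host")
    except ValueError:
        pass
    if host.startswith("xn--") or ".xn--" in host:
        findings.append("punycode-host")
    if host in SHORTENERS:
        # The real destination is hidden until the link is expanded.
        findings.append("shortened-link")
    on_trusted = any(host == d or host.endswith("." + d) for d in trusted)
    if not on_trusted:
        findings.append("untrusted-domain")
        # Brand name used as a label on somebody else's domain.
        brands = {d.split(".")[0] for d in trusted}
        if any(b in host for b in brands):
            findings.append("brand-in-foreign-host")
    return findings
```

A page hosted on a free hosting subdomain, like the one in the walkthrough below, fails the domain check no matter how closely its HTML copies the original.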

How to create a phishing page and hack any account?
      So, friends, here is our main topic: how to create a phishing page and hack any e-mail and password :D
NOTE: THIS IS FOR EDUCATIONAL PURPOSES ONLY. I AM NOT RESPONSIBLE FOR ANY PHISHING ATTACK PERFORMED BY ANY READER.

                      Here, I have given all the steps to create a phishing page and hack any account.

1)    Here, I take Facebook as my fake page to hack Facebook IDs.
2)    Download the Facebook phishing page from here (skip ads after 5 seconds).
3)    Create a free account on 000webhost.com and get a free domain.
4)    Here, I had already created one account for this tutorial.
5)    After creating the free account and domain, go to your Control Panel and click on File Manager.
6)    If it asks for a password, provide your password.
7)    Then go into the public_html folder and delete the default.php file.
8)    After deleting the default file, click on Upload and you will be redirected to this page.

9)    I suggest you use ZIP archives to upload, it's fast and easy :D, so click on Choose File
       and select the ZIP file you downloaded in step 2.
10)  After uploading your phishing page you will see this page.
11)  After creating your server, go to your website, e.g. mine is luzw0rmtut.site11.com.
       If you visit your website you will see these options.

12)  Click on Login.html and you will be redirected to your phishing page, which looks the same as
       the original Facebook page.

13)  Now copy the address of this page, go to Google URL Shortener and
       shorten your URL to fool your victim and avoid being detected as spam.

14)  Let's check whether our phishing page is working or not. Go to your phishing page
       and enter any fake ID and password in the E-mail and Password boxes.

15)  After providing your fake info, click on Login and you will be redirected to YouTube,
        and your e-mail ID and password will be hacked!!

16)  How to know the password? Go to your 000webhost dashboard again and
        over there you will see another file manager.

17)  Go into Another File Manager > public_html. After entering the public_html folder
      you will see these 4 files.

18)  Double-click on the log.txt file, download it, and then open it!! hahahaha!!
19)  WOW!! Here you can see how a phishing attack works and steals an FB password :D
        Enjoy GUYS


How to do Hydra Brute force attack to hack or recover any E-mail Password


 

Brute-force attack



A brute-force attack is a password attack that does not attempt to decrypt any information, but continues to try different passwords. For example, a brute-force attack may use a dictionary of all words or a list of commonly used passwords. To gain access to an account using a brute-force attack, a program tries every word it has. Another type of brute-force attack is a program that runs through all letters, or letters and numbers, until it gets a match.
Although a brute-force attack may eventually gain access to an account, these attacks can take several minutes or hours to run. The amount of time it takes to complete these attacks depends on how complicated the password is and how well the attacker knows the target.
To help prevent brute-force attacks, many systems only allow a user to make a mistake in entering their username or password three or four times. If the user exceeds these attempts, the system will either lock them out of the system or prevent any future attempts for a set amount of time.
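
The lockout rule just described, as an added example that is not part of the original post: after a set number of failed attempts the key is locked for a fixed time, and guesses made during the lockout are never checked against the password. The class name, the default limits and the sample guesses are assumptions; the same tracker can be keyed on the source IP as well as the account, so that one attacker cannot simply lock out a legitimate user.

```python
import hmac
import time

class LoginThrottle:
    """Lock a key (account name, source IP, ...) after repeated failed logins."""

    def __init__(self, max_failures=3, lockout_seconds=900, clock=time.monotonic):
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.clock = clock
        self._failures = {}      # key -> consecutive failure count
        self._locked_until = {}  # key -> time at which the lockout ends

    def is_locked(self, key):
        until = self._locked_until.get(key)
        if until is None:
            return False
        if self.clock() >= until:
            # Lockout expired: forget it and start counting again.
            del self._locked_until[key]
            self._failures.pop(key, None)
            return False
        return True

    def attempt(self, key, verify):
        """Call verify() only if key is not locked; return 'ok', 'denied' or 'locked'."""
        if self.is_locked(key):
            return "locked"      # the guess is never evaluated
        if verify():
            self._failures.pop(key, None)
            return "ok"
        count = self._failures.get(key, 0) + 1
        self._failures[key] = count
        if count >= self.max_failures:
            self._locked_until[key] = self.clock() + self.lockout_seconds
        return "denied"

def simulate_guessing(guesses, real_password, throttle, key="demo-account"):
    """Feed a constructed list of guesses through the throttle; return each outcome."""
    return [throttle.attempt(key, lambda g=g: hmac.compare_digest(g, real_password))
            for g in guesses]
```

With three allowed failures, a password list is cut off after its third entry, even when the correct password is the fourth.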

# Here we are going to use Backtrack 5 and a Hydra attack. I will use a fake G-mail account for this tutorial.

# Requirements
     * Backtrack 4 or 5 with Internet connection
     * Password.txt file (that contains possible passwords)
     * Brain !!

# For example, I took a fake G-mail ID (hackerseven5@gmail.com) as my victim;
     its password is '521478963'. Suppose I know the possibilities for the
     password, so I will make a password.txt file to do the brute-force attack, like
     this >>

# Now it's time to start the attack using hydra-gtk.
 Go to > Application > Backtrack > Privilege Escalation > Password Attacks > Online Attacks > hydra-gtk.



# And it will start like this >>

# Fill in all the info this way:
     * Single Target  = smtp.gmail.com
     * Port           = 465
     * Protocol       = smtp
     * Mark           = Use SSL, Be Verbose, Show Attempts

# As shown in this image >>

# After setting your target, go to the Password tab >>

# Fill in all the info this way:
     * Username       = G-mail ID (hackerseven5@gmail.com)
     * Password list  = upload your file of possible passwords
                        (save your password.txt file on the desktop)

After that, go to the Start tab and click on Start!!





So, your brute-force attack has been started!!

It will now try the brute-force attack using every password and attempt to log in
     with each possible password. If you are lucky, it will show a successful message like this >>

>>>>>>>>>>>>>>>>>Viv EK<<<<<<<<<<<<<<<<<<<
I know that using this attack it is very hard to hack any G-mail password, but it can help you to recover your hacked ID or forgotten password.

How To Hack HTTP Passwords With Wireshark


Most of the websites on the Internet use the HTTP protocol for communication, which runs on port 80. The data sent to the server is unencrypted and travels in plain text. If you are using HTTPS (port 443), the data is sent to the server encrypted. Whenever you enter data in a form, your browser sends either a POST or a GET request to the web server; in most cases you will see the POST method used in forms. Most websites on the Internet use the HTTP protocol for authentication, which enables an attacker on the local area network to sniff everything that goes through that form. That's the reason why you see websites like PayPal, eBay and Gmail using HTTPS.

In this tutorial, I will show you how a hacker can hack passwords sent via HTTP to the server with Wireshark. Wireshark is a network analysis tool used to capture and analyze all the packets being sent from your computer to the server.

Attack Scenario

Let's suppose that you went to Starbucks to have a coffee with your friend and connected to the Wi-Fi hotspot. An attacker comes in, starts Wireshark and captures your HTTP POST passwords, thereby compromising your security.

How To Hack HTTP Passwords With Wireshark

Before I show you how to hack HTTP passwords, I would like to let you know that for a successful capture your network card should be in promiscuous mode, which will enable it to capture all the traffic going through your network.

Step 1 - First of all, download Wireshark from the official website and install it on your computer.

Step 2 - Next, open up Wireshark, click on Analyze and click on Interfaces at the top.

Step 3 - Next, choose the appropriate interface and click on Start. Wireshark will start sniffing the network.

Step 4 - Continue sniffing for around 10 minutes.

Step 5 - After 10 minutes, stop the packet sniffing by going to the Capture menu and clicking on Stop.

In the meantime, log into any website (for testing purposes) that uses HTTP authentication.

Step 6 - Next, set the filter to http.request.method == "POST". This will show all the HTTP POST requests going through your computer. Start analyzing the packets and locate the website you logged in to that uses HTTP authentication.

Step 7 - Next, click on Follow TCP Stream. You will see the username and password that you entered. In this particular scenario I logged in to my WordPress account, where I entered the username:admin and password:rafayhackingarticles. Since WordPress uses HTTP for authentication, the data that was entered was successfully captured.