PHISHING-Hacking Facebook!

By -

Hey! Today I will show you how phishing attacks are performed. Phishing (not fishing) is one of the easiest and popular email hacking techniques used by hackers. All you need is some good social engineering skills and a stupid victim (yes, if the victim is too smart he won’t get hacked).

How phishing is performed?

To perform phishing, the hacker creates a fake login page of the website whose account he wants to hack ,to demonstrate we will create a fake login page of  Facebook. Now the hacker has to make the victim login to that fake page which looks exactly similar to the actual facebook login page, the victim misinterpret fake page with the original  login page of facebook and enters his credentials that’s how his account gets hacked.  

Let’s roll…

Here begins the action, download this tool kit and extract it in a folder using winrar, please note here you have these files

      1. a.php
     2. log.txt
     3. index.html
     4. LTP5nGaprU8.css
     5. 3q7BQDIYUuu.css
     6. GsNJNwuI-UM.gif
     7.  kk8dc2UJYJ4.png


    Now follow these steps:


        1.  Create an account in a free web hosting site (say http://www. 000webhost.com ), choose any domain name you would like to have, you don't need to buy a domain, get a free one from 000webhost.Your free domain would be looking like "SOMETHING.ANYTHING.COM" . See the image.

          
         2.  Verify your account by your email
         3.  Sign in to your account from here.
         4.  Go to control Panel.
         5.  Navigate to File manager.





         6. Click on public_html folder and delete “default.php” file.

         7. And upload these seven files given in the toolkit

    Now you are down to half way, to test proper working of your phishing page go to http://www.yourdomain.com  and you must see a page look alike of facebook login page, here you have to make your victim login his credentials(email id and password) and his credentials will get stored in the file “log.txt”. To test you can enter your email id and password in the fake page, hit login button, then go to your file manager and open file “log.txt” you will see the credentials entered by you.


    Why would the victim enter his credentials in fake page?

    Here the hacker uses his Social engineering skills. Victim would receive a mail from account-confirmation@facebook.com and the body somewhat like this.

    Dear user,                  
                We are running with some problem with our server 222.09.87.67 and we need to confirm each and every account hosted by server 222.09.87.67 . We are extreme sorry for the inconvenience but it’s very important for you to confirm your account. If you don’t, we might even have to close your account. Click on the confirmation code to confirm : 190876533478 After clicking on this code you just have to enter your credentials and sign in.Sorry For the inconvenience.
     Regards, 
    Facebook Team
     Definitely with the fear of loosing his account victim will enter his information.
    If you find any trouble performing these steps or have any other query please let me know in the comments.