A few phishing techniques
Written by paininvmuthafuckinass AKA slim-ov-derby
I in no way condone the use of phishing. If anyone is stupid enough to fall for these then that is not my problem, as it isn’t my problem whether idiots decide to use any of the info given in this guide.
What this guide will be split up into
Phishing via MSN
How to make phisher pages
Phishing via MSN
Code:
https://accountservices.passport.net/reg.srf?xpwiz=true&fid=RegXPWizCredOnly&sl=1&vv=450&lc=1033
Go to that link.
Then sign up with whatever you want.
For example I have recently made a custom msn account for people to use in a recent attack planned, for us to use for phishing members of the site 1st.
For example you could choose server@4chan*org (this is an example, don’t even attempt it, especially 4chan) and then just choose a log in password as normal and click it all as normal and complete the registrations and there you go.
You can log into msn with your custom made account posing as a website server or admin and make up some bullshit about updating servers and needing log in details etc.
Usually they have an e-mail to contact the administrators on websites and you can clone them and fool members online via msn.
If you are phishing someone’s IM account then have trillian or E-Buddy open.
Have this (or something to this extent, use your imagination) typed and ready in notepad:
Quote:
For verification of account please type your password, failure to comply will result in account termination
Verifying account please wait
Account verification failed please type password
|
You can pose as a bot and copy and paste your already posted script into the convo, because if you type it will give the game away, as opposed to quickly c/p and then entering the text to send.
Once they have gave the password paste in the verifying message you have chosen to use, and meanwhile stay online but go onto trillian or E-buddy and check to see if the password is real or not.
If it is not then paste in the verification failed.
The reason you don’t log in and out and we have trillian or E-buddy to go on aswell is because it’s obvious fake if you constantly log in and out just to check if the password is right or not.
Basically it’s a new twist on one of the very 1st phishing techniques and it works quiet often.
It sounds like it wouldn’t work, but you’d be surprised how stupid people really are.
Alot of RE members were stupid enough to fall for this when 0wn3d got them, and people have been stupid enough to fall for it when I’ve been posing as a bot for other sites, such as the kkk attack.
Making phisher pages
I get asked this question alot when it comes down to phishing, and that is; How the fuck do you make those log in pages and how do they work?
Well watch and learn.
1st you need to make a php file, this is easily done by opening an editor (I use notepad by default) and typing in this code below.
Now "Save as whatever.php"
Now go to the log in page of the site you want to make the phisher for and go to "View/page source" (that’s what it is in FireFox and it should be something along the same lines with any other browser aswell.
Now save the source page as index.html
Now go into your editor and press Ctrl+F and look for:
The source should have method="POST"
Change "POST" to GET.
Now change what is highlighted in the pic below with "whatever.php"
Now all of that is done "Save"
Now you’ll need to upload these files to either h**p://t35.com or h**p://phpnet.us; or any other hosting site of your liking, which supports php.
Sign up under a name such as the site you are cloning for example if you wanted to phish RE (I’m using it as an example, don’t get your panties in a twist) sign up to t35.c*m with a login such as rotteneggs.t35.c*m or something like that, last time I tried you could put http:// in the username aswell, but I haven’t made a phisher page for months so they might have got wise to this and not allow you to do that.
Upload whatever.php and index.html to it, and then to test it works go to the phisher site you’ve made and type in random details such as
User: Test
Pass: Test
And then submit.
Log in to the site where your phisher pages are hosted and you should see a password.txt document appear and in there will be the typed details of who ever submits the details to it.
How you get people to fall for the phishers is up to you, but I usually get a mod of the sites by contacting them over msn or whatever and telling them I’m having trouble with the log in page, or on myspace you could tell them to check something out like a vid or just your myspace.
RE was easy to phish people because the mirrors such as www1 etc get fucked up on odd occasions or RE is running slow; I used to tell people the rotteneggs.t35.c*m was an up to date and fully working mirror. And even when they logged in on that phisher it would just take them back to the original RE mirror and they’d appear logged in as if it had worked.
Now remember the disclaimer and don’t attempt to phish RE members, they’re too wise to these techniques now so you’ll just look like an idiot
Some phishing techniques
Linear Mode
