After reading my previous article about phishing, people said things like “Grow up buddy! Everyone knows about phishing, it’s outdated.”
I was surprised how people can disrespect such an important technique. I decided to hack one of them who told me that everyone knows about phishing, it won’t work! *Thug Life*
The problem with script kiddies is that they think they know enough. And they think if an unknown webpage or program asks for your username and password, it’s phishing.
My aim was clear: to take advantage of their definition of phishing.
I started to look for targets in our Facebook group and then I saw a comment from a guy who looked too overconfident. I opened his profile (I don’t know why), and I saw something interesting in there: it was his email address. My mind developed an evil plan, and I created a phishing page.
I sent him a friend request and he accepted it. We talked for 20 minutes and then we started to talk about the recent “CIA Leak” and I delivered my phishing link as follows:
So you want to see what was in the website that I told him about?
Here you go:
Looks great huh?
Well, whenever someone enters his/her password and clicks on the Check button, the PHP script saves the input into a text file on the server and loads the following page:
This website checks nothing; it will always show that the password is not affected, which gives mental satisfaction to the victim.
Moreover, I have added a “check another password” option and the Facebook page link, which adds another layer of trust.
Ok so where were we?
Hmm, we were trying to hack a skid (script kiddie). So I passed him the link and said I don’t know who hacked into Facebook servers, and then I changed the topic.
I did so because I didn’t want to show that I wanted him to click on that link.
I checked my log file and unexpectedly there were two passwords:
[2017-03-9 23:52] [email protected]
[2017-03-9 23:56] @[email protected]
I waited for him to go offline so I could log in successfully, because sometimes Facebook blocks such attempts.
Everything went according to the plan: I entered his email address that I got from his Facebook profile and I logged into his account.
I tried to log into his email account too, but unfortunately there was two-step verification, so I missed my chance to have access to everything that was connected to that email.
I don’t know about the second password; maybe it’s for another Facebook account of his, or he sent this link to one of his friends who also checked his password.
Anyways that’s all for now. I hope you learned phishing is all about being creative and interacting with the victim properly.
And if you comment that phishing is outdated, then it means I will write another article lol.
Do you want to know how I created that website? I copied the layout of a website and replaced the source code of the PHP file according to my needs.
Thanks for reading.