#school4lulz -- Phishing

1. 20:55 <@God> phishing 101
2. 20:56 < vongreat> !topic
3. 20:56 -Lulzboat:#school4lulz- Channel Topic: CLASS TONIGHT @ 8PM CST -- Malware: Spread/Utilization || #FuckWhiteHats || Twitter: @St4rFox || Bitcoin: It's all about the love of the scene || Last Night's Class on Malware: pastebin.com/5F0dqTUQ || All Classes Until 8/14/11 pastebin.com/TDPSSnny || Come Join the Fun! :D
4. 20:56 < algidLogic> that was sweet
5. 20:56 <@God> So phishing?
6. 20:57 <@God> who here is a professional phisherman
7. 20:57 < vongreat> not much anymore
8. 20:57 <@God> ok
9. 20:57 <@God> so the art on phishing
10. 20:57 <@God> i never thought about this till not long ago
11. 20:57 <@God> when the Social engineer tool kit came out
12. 20:57 <@God> but phishing is very much like socialing
13. 20:58 <@God> and in todays inet world is easier then ever
14. 20:58 <@God> with browsers able to save whole websites
15. 20:58 <@God> all you need is a little something to send you the name and pw
16. 20:58 <@God> i sometimes use a php script
17. 20:58 <@God> which i will paste bin once ark is done downloading
18. 20:59 <@God> its all in the delivery
19. 20:59 <@God> winsock spamming works great with phishing
20. 20:59 <@God> but you can be traced like that
21. 20:59 <@God> which is best used on hacked wifi
22. 20:59 <@God> or you can just send mail normally with a made up acct
23. 20:59 <@God> say i want to steal a yahoo
24. 21:00 <@God> i will make a email account such as ymail.alert@yahoo.com
25. 21:00 <@God> or something a little more believable
26. 21:01 < vongreat> gmail is great for it as you can set the name to whatever like GMAIL TEAM and th emails show as GMAIL TEAM in inbox
27. 21:02 <@God> http://pastebin.com/LFBy3ghL
28. 21:02 <@God> that is the php script
29. 21:02 <@God> what you want to do is use a host that will support php
30. 21:02 <@God> such as oni.cc
31. 21:02 <@God> http://oni.cc
32. 21:02 <@God> and you get a site you want to use
33. 21:02 <@God> so you need to find out what u wanna steal first
34. 21:03 <@God> so if i wanted to pose as a yahoo.com
35. 21:03 <@God> i would search yahoo
36. 21:03 <@God> for different login pages
37. 21:03 <@God> also when you search websites for different types of login pages
38. 21:04 <@God> you sometimes will find small exploits
39. 21:04 <@God> but thats another topic
40. 21:04 <@God> right click save the site as source code
41. 21:04 <@God> rename it to a html file
42. 21:04 <@God> and then check the site to make sure all images and scripts work
43. 21:04 < algidLogic> you cant just save the html
44. 21:04 <@God> make it back to a txt file
45. 21:04 <@God> u can save it as txt
46. 21:04 < algidLogic> what about all the links for images and such
47. 21:04 <@God> and rename it to .html
48. 21:04 < algidLogic> ?
49. 21:05 <@God> and its fine
50. 21:05 < algidLogic> the paths will be all wrong
51. 21:05 <@God> well back in the day it was harder
52. 21:05 <@God> look
53. 21:05 <@God> no they are not
54. 21:05 <@orbital> there are tools for cloning
55. 21:05 <@God> https://login.yahoo.com/config/login_verify2?&.src=ym
56. 21:05 <@orbital> SET can e.g.
57. 21:06 <@God> u hardly need a tool for any cloning
58. 21:06 <@God> if anything u might need to fix one image
59. 21:06 <@God> and all u need to do for that
60. 21:06 <@God> is locate the image in the txt file u saved
61. 21:06 < Komar> Also, when fishing don't forget to obfuscate your url's -- it's pretty nifty.
62. 21:06 <@God> and add the domain name in front of it
63. 21:06 < Komar> phishing*
64. 21:06 <@God> after you have your site and its ready to be used you need to do a search in the txt file for "post"
65. 21:06 <+Zippie> always +m unless you are asking questions
66. 21:07 <@God> <form method="post" action="https://login.yahoo.com/config/login?" autocomplete="" name="login_form" id="login_form" onsubmit="return hash2(this)">
67. 21:07 <@God> so you see the "post"
68. 21:07 <@God> thats the only thing u'll ever really need to change your site
69. 21:07 <@God> in the txt file
70. 21:07 <@God> after to have uploaded your php script that i just pasted bin
71. 21:08 <@God> u need to make sure that the input names id's are the same as the php script as in ur txt file of the site u are cloning
72. 21:08 <@God> <input name='passwd' id='passwd' type='password' maxlength='64' tabindex='2'>
73. 21:08 <@God> that is the password feild
74. 21:08 <@God> yahoo uses and id of
75. 21:08 <@God> passwd
76. 21:08 <@God> but the php script says password
77. 21:09 <@God> so u can change the php script or change the txt of yahoo site, it does not really matter
78. 21:09 <+Zippie> If I may suggest, any time you are phishing, be sure to send the login information along to the real server, and transfer the cookies to the user, so they never know it even happend.
79. 21:09 <@God> after you make a site such as yahoo.oni.cc
80. 21:10 <@God> if you must but its not always eneded
81. 21:10 <@God> lot of people are already logged into the domaiin when they get the emails
82. 21:10 <@God> so where ever ur php redirects them will be fine
83. 21:10 <@God> such as calendar.yahoo.com
84. 21:10 <@orbital> Zippie "send .. along to the real server" i'd suggest doing the opposite as the SOP will probably fuck you otherwise :P
85. 21:10 <@God> it will load jkust like normal
86. 21:10 <+Zippie> k
87. 21:10 <@God> anyways
88. 21:10 <@God> just change the
89. 21:11 <@God> "post" url with ur php script
90. 21:11 <@God> Dear Employees: We ask that our employees please take a moment to update the Name, location, and Phone Number on your Employee Phone Records by going <a href="">here.</a> Current information allows for faster verification when another employee need to fine you or when OpsSec pulls up your account. From time to time we may also use this information to
91. 21:11 <@God> i have phished entire call centers
92. 21:11 <@God> one after another
93. 21:12 <@God> with only phish scams
94. 21:12 <@God> phishing is just as effective as any other hacking attempt
95. 21:12 <@God> you can phish ip's
96. 21:12 <@God> you can fish logins
97. 21:12 <@God> cc's
98. 21:12 <@God> whatever
99. 21:12 <@God> its all in your delivery
100. 21:13 <@God> when you are finished and u;ve uploaded your php and site
101. 21:13 <@God> such as
102. 21:13 <@God> yahoo.oni.cc/login.psp
103. 21:13 <@God> and your victim log's in
104. 21:13 <@God> you will find your phish'd victims info on
105. 21:13 <@God> whatever txt you edited in the php script
106. 21:13 <@God> such as
107. 21:13 <@God> yahoo.oni.cc/cc.txt
108. 21:14 <@God> and you can edit the cmd in the file with a ftp program
109. 21:14 <@God> so it cant be viewed
110. 21:14 <@God> for other people to view it
111. 21:14 <@God> only writes
112. 21:14 <@God> so u just ftp in and u got it
113. 21:14 <@God> or build a small program that will just read it and sit on ur desktop
114. 21:14 <@God> i have one that sites right by my clock on my windows box
115. 21:14 <@God> whenever someone log's in
116. 21:14 <@God> it just shows up
117. 21:15 <@God> hold on i need to check the bbq
118. 21:15 <@God> any questions?
119. 21:16 <@orbital> hm nope
120. 21:16 <~Fox> ROUND 1.
121. 21:16 <@God> im trying to find sites i already have up to show people but
122. 21:17 <@God> i forgot my login to one of my 100's of emails
123. 21:17 <@God> if you are trying to scam call centers and log the people off the inet after they login i also have an error html site
124. 21:18 <@God> that will loop a box over and over till they ctrl alt del
125. 21:18 <@God> but thats for call centers where the employees have secure ID's tied to the acct
126. 21:19 <@God> which is a 6 digit number that changes every 30 seconds after they login with there normal name:pw
127. 21:20 < menot> oi
128. 21:20 <@God> Subj: Your Benefits have changed. Date: From: Benefits To: Employee 1: Dear Employee, Effective September 23, 2011 Your 401k benefits will be changing, also any stock holdings. We request that you view your 401k plan, and confirm that you agree to these changes. Also just for logging in to this new area we will add 20 stocks to your h
129. 21:21 <@God> Employee Center: <a href="h">401k and Stock Holdings</a> Thank You, Joyce Bernard Financial Center
130. 21:21 < menot> wtf
131. 21:21 < menot> spam
132. 21:22 <@orbital> ?
133. 21:23 < Pakly> hes doing a talk not spam
134. 21:25 < menot> spamtalk
135. 21:25 <@orbital> phishingtalk even tho its like dead silence now
136. 21:25 <@God> sorry guy's im bbq for everyone at the same time, some fat burgers and pork chops
137. 21:26 <@God> any questions please ask im still looking at the chat
138. 21:28 < menot> there will be a lesson in about 30 mins right?
139. 21:29 < NOF4CE> rod
140. 21:29 < NOF4CE> tod
141. 21:29 < NOF4CE> this is God
142. 21:29 < m0ri> example of phishing for lloyds: http://www.filedropper.com/verify
143. 21:29 < m0ri> it's a tar file
144. 21:29 ||| Pakly is now known as Satan
145. 21:29 < NOF4CE> I infected myself lulz
146. 21:30 < menot> i missed the lesson?
147. 21:30 < NOF4CE> First time ive ever caught a virus
148. 21:30 < NOF4CE> and i done it to myself
149. 21:30 < NOF4CE> whyyyyy
150. 21:30 < vongreat> lol
151. 21:30 < m0ri> lol
152. 21:30 ||| Captain|Akademika is now known as Captain|Akademika|Off
153. 21:30 < m0ri> Totally an actually phishing site
154. 21:31 < vongreat> mori does that do the second page also or just the U P login
155. 21:31 < NOF4CE> gais what you think of my twitter pic
156. 21:31 < NOF4CE> http://twitter.com/#!/N0F4CE_
157. 21:31 < NOF4CE> custom made :)
158. 21:31 < NOF4CE> in flash
159. 21:31 < m0ri> http://pastebin.com/sCCTzWrn
160. 21:31 < m0ri> see true phishing :D
161. 21:32 < algidLogic> Is there a network somewhere that someone has made for practicing sql injections and other jazz?
162. 21:33 < m0ri> That tar file will give you a working example of how phishing is done in most senarios