Posted on 3 Comments

How to phish with Weeman HTTP Server

Good morning friends. Today I will go back to the topic which sparked my interest in the starting days of blogging: phishing. Phishing is one of the most popular hacking attacks even today. Earlier we have seen howto’s on phishing and Desktop phishing. Today we will see how to phish with Weeman Http server.

Weeman Http server is a simple server for phishing written in Python. So let us see how to phish with Weeman HTTP server. We will use Kali Linux as our attacker system. Dowload Weeman HTTP server from Github in Kali.

Go to the directory where the server is installed and check its contents. There should be a python script named weeman.py.

Now start the server by typing command “./weeman.py“. It should look like below.

Check all the options by typing command “help“.

We will use the default settings for this how to. Type command “show“. You can see all the options required for phishing.

Set the url option as the website you want to phish. For this howto, I am using Facebook (sorry Mark). Set the port appropriately( but use 80 ). The action_url option sets the page you want the victim to redirect after entering his credentials. This sis shown below.

Type command “run” to run our server. The server will start as shown below.

Now find out your IP address, obfuscate it, shorten it( this is shown in the video ) and send the link to the victim. When the user clicks on the link, he will get to our phishing page as shown below.

When the user enters his credentials and clicks on Login, he will be redirected to the original website.

While on our attacker system, we can see the credentials of our victim. Happy hacking.

Here’s the video version of this howto.

Posted on 3 Comments

Desktop phishing tutorial : Step by step guide

Have you ever read “Life on Earth” by David Attenborough. It’s a very nice book about the evolution of animals. What is evolution? Wikipedia defines it as the “change in the inherited characteristics of biological populations over successive generations”. Why are we talking about evolution now. This Desktop phishing tutorial is an evolution over Phishing. It evolved to overcome the disadvantages in phishing. Let’s see how.

The process in desktop phishing is same as in phishing. The only difference is in the method of uploading our phishing files. Whereas in phishing we upload our files to an external server, in desktop phishing we upload our files to the server on our desktop. Why? Because there are three disadvantages in the former  method.

One, however hard we may try the URL always looks suspicious.

Two, modern day browsers are capable of  detecting phishing sites.

Three, as soon as the webhosting provider detects that you hosted a phishing site, he will suspend your account. This will most likely happen within 24 hours. Desktop phishing overcomes all these defects. So now, let’s see how to hack a Facebook account with desktop phishing. As already told, this process is same as phishing, until the creation of phishing files which you can find  here. Now Install Wamp Server on your windows machine. To see what Wamp server is and how to install it, click here. Next, install a VPN on your system to keep your IP static. See here. We are going to host our phishing files on our desktop and redirect the victim to our site.

Now copy our phishing files to the folder C:/wamp/www. This is the root directory of the Wamp server.

Here is the script of the “phish.php” we used.

Go to folder “C:/wamp/bin/apache/Apache 2.4.4/conf” and make changes to the ‘httpd.conf’ file as below. These changes give permission to external users to access your fake website.

Start your wamp server, open your browser and type localhost” in the url to see if your phishing site is working. Then open Notepad and create a batch file as shown below. We need to send this file to the victim machine and make him execute it. See how? Make sure you replace the IP address below with one assigned by VPN.

What the above script does is it changes the hosts file in the victim’s system to redirect to your fake website when user tries to access Facebook. Now, what is hosts file?

Hosts file is a text file located in the folder “C:/windows/system32/drivers/etc” which resolves IP addresses associated with domain names.

Usually when we try to visit any website say www.google.com our system sends a query for it’s IP address to the DNS server. When we make an entry in the hosts file of our computer, the query is not sent to the DNS server. When the victim clicks on the executable sent by us, it changes the hosts file like below.

Now when victim types “www.facebook.com” in his browser, he is redirected to our wamp server. Notice that the URL looks completely genuine and the browser didn’t detect it as a phishing site.

When the unsuspecting victim enters his credentials,

a text file called pass .txt is created in the www directory.

Open the file and we can see the credentials.

That’s all in desktop phishing tutorial for beginners.  See how to phish with Weeman Http server.

Posted on 33 Comments

Phishing tutorial for absolute beginners

Phishing is one of the unique method of hacking that involves social engineering. What exactly is phishing? Phishing is an act of presenting a fake page resembling the original webpage you intend to visit with the sole intention of stealing your credentials. This post  demonstrates phishing tutorial for beginners. Although we make a phishing page of Facebook in this tutorial, it can be used to make a phishing page of any website.  So now let’s phish.

Open your browser,  go to the Facebook website, Right click on the webpage and click on “view page source”.

The source of the web page is displayed in the browser. Right click on the page and click on “Save As”. Save the page as “index.html” on your computer.

Now open index.html using notepad and hit CTRL+F”.In the Find box opened, type “action” and  click on “Find Next”. Look at the value of action. This “action” specifies the website what to do after users enter credentials and submit those. 

Now change the value of action to “phish.php”. We are doing this so when the user enters his credentials the page that loads will be “phish.php” and not the usual page Facebook loads.

Now let’s create the page phish.php. Open Notepad and type the following script into it and save it as “phish.php”. What this script does is it logs the user credentials and saves it to a file named “pass.txt”.

Now our files are ready. Next step is to upload these files to any free web hosting site available on the internet. Google for free web hosting sites, select any one of them(I selected bytehost7), create an account with username as close to Facebook as possible and delete the index.html file available in the htdocs folder. Then using Online File Management upload your own index.html and phish.php files to the htdocs folder. Your htdocs folder will look like below.

 Let’s check if our phishing page is ready by typing the address of our site. If the page is like below, then our phishing page is working.

The next thing we have to do is to send address of our fake website to the victim. We will do this through sending him an email but in order for the victim not to smell something fishy, we will obfuscate the URL of the fake page we are about to send him. The sending email address should be as convincingly close to Facebook as possible.

 When the victim clicks on the obfuscated URL, it will bring him to our fake site.

 If the victim is not cautious enough as to observing the URL and enters  his username and password, our attempt is a success. To show this, I will enter random values in both username field and password field and hit Enter.

Now a txt file with name pass.txt will be created in the htdocs folder containing both the username and the password.

 Click on the file. We can see both the email and the password i have entered. The email is “don’t get hacked” and the password is “like me”. 

Find it difficult? See how to do phishing with Weeman HTTP server

 Counter Point:

If you don’t want to fall victim to phishing, you can take a few precautions . If you want to open a site type the address directly in the URL and don’t open any redirected links. Don’t click on any mails which look malicious like asking for your login credentials.

That was our phishing tutorial for beginners. If you want to learn Ethical Hacking with Rea World scenarios, Subscribe to our Digital Magazine.