xymon
+ Reply to Thread
Results 1 to 9 of 9

Thread: my first fake login page

  1. #1
    Join Date
    Nov 2006
    Posts
    16

    my first fake login page

    i'm nervous about my first foray into social engineering, i have the fake login page but i don't know how long it's going to be up (assuming hosting sites take down these sorts of things as i have read they do) and i'm not sure what's the best approach to take with my mark(s)... although i feel with the right story i could trick them into using it...

    here are the cons with my fake login:

    it will only be useful for yahoo passwords
    the newest version of ie has phishing security, and it will tell you that the page is suspicious
    when the mark types in the password, it doesnt show up in asterisks

    here are the pros:

    if someone actually is tricked into putting in their password i will get it... lol

    does anyone have any marks for me to test run it on?
    Last edited by trickytap; 04-25-2007 at 05:08 AM.

  2. #2
    Join Date
    Sep 2005
    Posts
    2,050
    Quote Originally Posted by trickytap View Post
    i'm nervous about my first foray into social engineering, i have the fake login page but i don't know how long it's going to be up (assuming hosting sites take down these sorts of things as i have read they do) and i'm not sure what's the best approach to take with my mark(s)... although i feel with the right story i could trick them into using it...
    This part is really up to you and your own creativity. Try to imagine the times when you've been convinced to click a link, either by legitimate people or other social engineers. E-mail spoofing can help.

    the newest version of ie has phishing security, and it will tell you that the page is suspicious
    Those filters only work with lists of known bad URLs. It depends on how long it takes for someone to report your site.

    when the mark types in the password, it doesnt show up in asterisks
    Why? The input tag should have its type set to password (<input type="password" />. Fake pages should be copied from the original website, URLs modified to fit the new location and the form pointed to your new processing script. There's no need to write the whole HTML page from scratch (as this would be pointless and not look genuine).

  3. #3
    Join Date
    Apr 2007
    Posts
    14
    if ur looking for hosting i can host ur fake login for cheap and it wont be taken down

  4. #4
    Join Date
    Nov 2006
    Posts
    16
    evilthoutz, i may take you up on that if i need to.

    mike, where would i need to edit this: (<input type="password" />

    can i just open the html in notepad and replace all? what is the original text that i need to replace with this code? all the input values are "hidden". should i change to "password" instead?

    oh never mind. i figured it out but it did make a few minor changes to the rest of the page. but the password does type in in asterisks now.
    Last edited by trickytap; 04-25-2007 at 02:35 PM.

  5. #5
    Join Date
    Nov 2006
    Posts
    16
    ok if anybody wants to try it out on someone they know, i can give you the link and if they use it, i can give you the pw too... for a small fee

  6. #6
    Join Date
    Aug 2006
    Posts
    233
    if you have hosted on domains like geocities,tripod ect,best is not to publish it,keep it private and just send out a link to the victim with a spoofed email.
    The redirection after they click on sign in or submit should be a obvious one.
    jabber: gh05t*d@jabb*r.org Email: gh05t*d@hack.cl

    Internet security is as real as your Dreams !

  7. #7
    Join Date
    Nov 2006
    Posts
    16
    its not on any of those popular sites, i had to (didnt necessarily want to) go out of my way to find a somewhat obscure hosting site, and im not planning on making it public but will send it out on an individual basis... the redirect is to the REAL login page so you are just under the impression that its not registering or something

  8. #8
    Join Date
    Sep 2005
    Posts
    2,050
    Quote Originally Posted by nozf*r4tu View Post
    if you have hosted on domains like geocities,tripod ect,best is not to publish it,keep it private and just send out a link to the victim with a spoofed email.
    The redirection after they click on sign in or submit should be a obvious one.
    Geocities, Tripod, Freewebs and all the other hosts from the *0s are for static HTML pages only -- unless you pay for a hosting plan, you won't be able to use any PHP or Perl scripts on them. Without that, you can't really host any phishing pages without resorting to form mailing services.

  9. #9
    Join Date
    Dec 2006
    Posts
    54
    lol i wish i knew how to create one of those fake pages, it would sure be usefull to me.

+ Reply to Thread

Similar Threads

  1. Yahoo fake login page
    By bukuro5hi in forum Programming
    Replies: 6
    Last Post: 03-06-2010, 06:39 AM
  2. My fake login page
    By jeffrey_978 in forum Programming
    Replies: 19
    Last Post: 01-14-2008, 04:12 PM
  3. Looking For A Good Msn Fake Login Page
    By wiam90 in forum Internet Privacy
    Replies: 1
    Last Post: 11-29-2007, 02:07 PM
  4. Fake msn login page
    By Carlo in forum Internet Privacy
    Replies: 175
    Last Post: 04-09-2007, 09:42 AM
  5. How To Use Fake Hotmail Login Page?
    By ahsanrajper in forum Internet Privacy
    Replies: 0
    Last Post: 11-21-2005, 04:14 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts