I have long ago accepted the fact that I will never be so computer literate as to hack in any smart, mechanical way and find social engineering a much more viable road to take, but as usual there is little to no information that helps very much. Do you guys have any experiences, thoughts, warnings, that would help point me in the right direction?
Why is that? You seem more intelligent than many people I've seen learning about hacking, security and programming. Nobody becomes a security expert in days, weeks or even months.Originally Posted by trickytap
It's mostly down to creativity, but a bit of ********* know-how is never a bad thing either.and find social engineering a much more viable road to take, but as usual there is little to no information that helps very much. Do you guys have any experiences, thoughts, warnings, that would help point me in the right direction?
For example, if a malicious person wanted to steal Yahoo accounts via phishing, he would write a convincing email as one of the Yahoo staff, asking the user to login to a fake page or send their details to him, etc. However, this scam would only be complete if he could successfully send an email from the Yahoo staff -- this would involve email spoofing (which requires ********* knowledge of SMTP). Both creativity and ********* skills.
Saying that, most of the scams in circulation today are copied from somewhere, and ********* tricks are documented everywhere in step-by-step instructions. This leaves social engineering to two paths -- follow a script and use somebody else's methods, or invent your own and be original.
Just try to think as the person you are targeting -- who do they trust? It's through impersonation of trusted people that social engineering works. Either that or the promise of great things, in which case people's greed takes over and they forget their usual skepticism.
Following on from that, social engineering works best when the user is offered something desirable (most often for free), or when the user is told of a deadline and consequences that they will face if they do not perform a certain action by the deadline (e.g., their e-mail account will be shut down if they don't re-activate within two days).
totally agree with mike it takes along time to learn the things you want to learn tricky my friend of mine is pretty good and he's still young, started taking classes in school about keyloggers he knows what they do and how they work so ya i totally agree with mike
What specific areas of programming do I need to look into in order to phish, apart from SMTP, in order to make fake log in pages? I can't find any of those ********* tricks with step by step instructions, but maybe I don't know which key words to search under.
you can find these on antiyahoo sites they always got shit on them matter of fact i know where you can get php script's to try it for yourself and what you need is already in the file once you download it. you can find these at [url]www.yah-stalkaz.com[/url] hope this helps
alright, i seem to have found everything i would need to make a fake log in, complete with files and instructions, so i will try it over the weekend (hi, bye, social life) and see what happens.
- Browser scripting such as (X)HTML, Javascript and CSS, and server scripting such as PHP or Perl.
- Website administration and management.
- The DNS.
- Use of FTP clients.
Learn about websites from those that set the standards:
[url]www.w*schools.com[/url]
php scripts ?
as u mentioned the site above i visited..... but unfortunately its no longer theryou can find these on antiyahoo sites they always got shit on them matter of fact i know where you can get php script's to try it for yourself and what you need is already in the file once you download it. you can find these at [url]www.yah-stalkaz.com[/url] hope this helps
the site owner dont have ***** to keep the site up an running ..do u know ne otha ? plz
damn that sucks, thats where i got my fake log in from and it works great... if you want i can help, send me an aim message, i posted the handle in the other post about fake logins... i wish now i could do a fake login for facebook!
Last edited by trickytap; 04-26-2007 at 08:43 AM.
From the previous post it seems you want to phishing email passwords? (not **** account details, etc..)
There are lots of other ways to social engineer than using fake login pages.. I personally wouldn't use them as more and more people are aware of clicking on links in emails (whether spoofed or not)..
It's far more (*********ly) easier just to find out enough amount of information to answer thier secret question/zip code etc when you click the forgotten password link..
Create a fake myspace profile which includes a picture of an attractive female.. getting chatting to people and phish all the information you need from them..
Good luck
Oh no I'm just nosy, not a criminal lol. It's people I know, so I'm doing a combination of tricking them into trusting me and asking seemingly random questions that would answer their forgotten password security, or just telling them it's my new pictures and they have to log in to see them. I'm not looking to just get a bunch of random information from random people (i.e. links sent in emails).
Posting Permissions
Reply With Quote
