What is Phishing:
Phishing is one of the hacking methods used by script kiddies to steal passwords or confidential information.
'How to hack an email?' and 'How to hack banking passwords?' are common questions Google faces every day. So, let's start discussing the techniques of 'stealing passwords'.
Many students become interested in hacking in order to steal their girlfriend's or boyfriend's passwords, and then they go on to become experts in other topics of network security too.
Phishing Definition:
Phishing is an old and evergreen attack method used to steal confidential information such as passwords and credit card numbers. An attacker creates a page that looks like the original page and makes us believe it is genuine.
Procedure for Phishing Attack:
Step 1: Create or get a page which looks like the original page. If you know a web programming language such as HTML, ASP.NET, PHP, JSP or Python, you can design it yourself; if you are not a coder, you can use the 'super phisher' tool to grab the page.
Step 2: Host it on a live server.
There are thousands of free hosting servers available on the internet, and they are a Google search away: 'free PHP hosting', or a VPS, or hack a site and upload your fake page to the compromised site (Hacking? What is this? You are a few pages away from learning website hacking, so until then forget about this sub-step). Upload this page to the server and get its link.
Step 3: Send the link to the victim from a fake profile; make sure that the victim won't suspect you.
Trick: If you think he/she will not chat with unknown persons, then compromise a person known to him/her, and send the link to the victim from the compromised account.
Step 4: If victims enter their data, then you are lucky. The data entered by a victim will be stored as coded in a server file, or as per the settings you provided to the 'super phisher' tool.
If the victim knows the difference between fake and original pages like you do, then we should use other techniques, which we will explain in the next couple of lines.
Lots of my friends used this trick on their friends and succeeded, but they forgot to change the name of the log file where it saves passwords. So I was able to see the usernames and passwords which they grabbed.
Phishing Example:
You can use this trick in another way which is new to many geeks. In my college everyone knows about fake pages; even you know about them now.
If you don't know, then stop here and restart reading about phishing from the start. Let's come to the point. I created applications in WinForms (C#) which look like Yahoo Messenger and Gtalk. Then I installed them on all of my college systems.
In them I coded logging of the entered username and password, and then sending those credentials to my email. I got 600+ unique emails and passwords, including those of my faculty members.
1. Tab Napping:
This is considered an advanced form of phishing. Today most browsers support tabs. In this method, the attacker shows a normal page with general content.
Whenever the victim starts surfing other tabs, the attacker's page is redirected to a fake page without his/her knowledge. You can explore this more practically in the SET part of the BackTrack chapter.
2. Desktop Phishing:
A file named 'hosts' exists in Windows, at the path C:\Windows\System32\drivers\etc. This file associates IP addresses with domain names. If you create a fake entry mapping the original domain name to a fake IP, the browser will be redirected to the fake IP when the user types the domain name.
Note: We used the local IP 192.168.024 to redirect facebook.com; it works only if the victim is on my LAN. Otherwise use a public IP. You can also use the SET kit to clone the site.
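From the defender's side, the hosts-file redirect described above can be detected by auditing the file for entries that pin sign-in domains to a fixed address. The following is an added example, not part of the original article; the watched-domain list and the sample file contents are constructed assumptions.

```python
import ipaddress

# Constructed sample of a Windows hosts file (not from the original page).
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
::1             localhost
192.168.0.50    facebook.com www.facebook.com   # constructed suspicious entry
0.0.0.0         ads.example.net
10.0.0.7        intranet.corp.example
not-an-ip       broken.example
"""

# Assumption: domains users sign in to; they should resolve via DNS, never via hosts.
WATCHED = {"facebook.com", "gmail.com", "accounts.google.com"}

def parse_hosts(text):
    """Yield (line_no, ip, [hostnames]) for each well-formed mapping line."""
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address: not a usable mapping
        yield no, ip, [h.lower().rstrip(".") for h in fields[1:]]

def is_watched(host):
    """True for a watched domain or any of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in WATCHED)

def audit(text):
    """Return (line_no, host, ip, kind) for watched domains pinned in hosts."""
    findings = []
    for no, ip, hosts in parse_hosts(text):
        for h in hosts:
            if is_watched(h):
                kind = "sinkhole" if (ip.is_loopback or ip.is_unspecified) else "redirect"
                findings.append((no, h, str(ip), kind))
    return findings

if __name__ == "__main__":
    # On a real machine, read C:/Windows/System32/drivers/etc/hosts instead.
    for no, host, ip, kind in audit(SAMPLE_HOSTS):
        print(f"line {no}: {host} -> {ip} ({kind})")
```

Any "redirect" finding means the named domain will bypass DNS on that machine and should be investigated together with whatever process last modified the file.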
Prevention of Phishing:
If we cannot identify the difference, we may enter our confidential information. Companies report that many billions are being stolen through this method.
Now we are going to study how to protect ourselves from these types of attacks and how to perform this attack.
Which Website is This?
A fake page which looks like the Gmail page.
I know you are very familiar with this design. Whenever we see a page like this, our brain says it's the Gmail page, because we believe more in what we see.
Now let’s see original Gmail.
Now observe these 3 images very clearly.
Then observe zoomed image of original page URL.
The differences between these 2 pages are:
Protocol: https in the original page, http in the fake page.
SSL (lock symbol) in the original page, which is not there in the fake page.
Hope you will not enter your passwords in a fake page from now on. But how to grab your friend's password with this technique? Let's start learning about it now.
Credit: Sai Satish (Indian Servers CEO)