Hey there, Techmidroid here. And this time were going to reveal how to hack any Facebook/Gmail/Instagram or any other account. The technic were gonna discuss abou t is called phishing. We would like to talk about what phishing is, how to hack any logins with this technic, keeping yourself safe from any phishing attacks and well cover some of the advanced phishing technics. So whats phishing?
Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.
;
So if you wanna get into your girlfriends account and see whats she is doing, like many of my friends asked me, then this is the place. The internet says a lot about phishing and is updated with news on phishing attacks day by day. So if you wanna research on whats phishing you can surf the internet. As were emphasizing on the later (Hacking Logins and Getting Safe) here we provide you only a nutshell of what it is.
You might be familiar with the famous internet prank Love Calculator, sorry if not. It was plotted in this way that you receive a message from your friend saying calculate your love percentage with a link, you open that, get this screen where you have to enter your name along with the name of three of your crushes and click submit. When youre done, a message will pop up saying youre being pranked by your friend and the names you entered has been sent to his/her email. You feel cheated and the same time get amazed of this new mindblow that you can use in your friend circle hoping youre the first to shoot. So what if you replace this screen you got with any of the login screens including Facebook/Gmail/Instagram or any other and you dont show a ny prank messages at the end! That simply is phishing. Youre shown up with a facebook login page, enter your credentials but, the login was not successful, it was redirected to some ad pages or doesnt show up anything. And you think thats some error. But thats not it, youve been compromised. The login credentials have been sent to someones gmail and you wont have a clue on what just happened.
Getting Your Hands Dirty
Disclaimer: Techmidroid wont be responsible for any activities that is being done using this tutorial.
Step 1:
Sign Up for z-shadow.us
And you will be shown up with a page like this.
< /div>
Step 2:
Youll be provided with a set of websites, website logos and the links. Only you have to do is choose the website, under the link section select the language the page should be appe ared. Copy the link that appears and send it your friends.
Step 3:
He will get this login screen upon opening the link(Here Ive used Facebook).
And when he/she enter their credentials and hit the login button they will be shown up with with an ad page and thats it.
Step 4:
Login t o your z-shadow.us account. You can find the usernames and passwords under My Victims tab.
So now you know how stuff works.
NB: Theres an option to create a new login page if the website youre looking for is not listed in z-shadow. Under Make Custom Page select Create Your Own Page, insert the URL of the original login page you wanna create a mirror, complete the captcha and youre done. You can get the link under Make Custom Page - My Pages, that you can use just as the above.
How to get yourself safe from phishing attacks?
Make sure you check the URL thoroughly that nothing suspicious is found.
Below is an image of the Facebook login page. But you see the URL is something else, not facebook.com, which means its not the original facebook login.
Theres also this chance that you might get fooled if you only check the URL. There are many phishing scams that uses the legitimate URLs thats hard to differentiate.
So before logging into any website always try a random Username and Password. If it gets redirected to some other pages other than expected or doesnt shows up anything GOTCHA you were about to be stolen.
Advanced Phishing with Two-Factor Authentication Bypass
- Attacker generates a phishing link pointing to his server which acts as a proxy server.
- Victim receives attackers phishing link via any av ailable communication channel (email, messenger etc.).
- Victim clicks the link and is presented with proxied Google sign-in page. Victim enters his/her valid account credentials, progresses through two-factor authentication challenge (if enabled) and he/she will be redirected to some other pages or even his/her original account depending on what the attacker has set.
- You cant try any random username and password to check the legitimacy of the link. You should enter your valid login credentials, the server will look up for its validity.
Metpor söve & mantolama
ReplyDelete