the complete hackpack
TRANSCRIPT
-
8/4/2019 The Complete HackPack
1/18
Pratpurch
2010
the complete
HackPackfor Facebook, Gmail and Yahoo Accounts
-
8/4/2019 The Complete HackPack
2/18
Disclaimer
The following is intended for educational purpose only. The
article only discusses certain ways of the being hacked in
detail. I sincerely hope to educate people about the
possibilities of losing their passwords to the hackers through
this article.
This document is helpful to its readers in knowing the ways
the hackers crack their passwords, thus making them aware of
their tricks. This would be immensely useful to the readers in
keeping their accounts safe. My only motto behind making this
is to educate the readers about the hacking techniques.
I dont take any responsibility of the misuse of the knowledge
gained through this tutorial by anyone. As the author of this
book, I wish to warn my readers that hacking is a highly
unethical activity and considered illegal in many states, also
subjected to legal action. However, the readers are solely
responsible for their own actions.
- Pratpurch
-
8/4/2019 The Complete HackPack
3/18
You have been warned
-
8/4/2019 The Complete HackPack
4/18
Contents
Introduction
Overview
Requirements
Phase-I
Making the website
Making the page
Phase-II
Putting the page up on internet
Configuring the page
Building a proper link for the page
Phase-III
Knowing your victim
Setting up the trap
Receiving the prize err, password!
-
8/4/2019 The Complete HackPack
5/18
Introduction
There are commonly three methods of hacking passwords.
They are discussed as follows.
Key Loggers: They are the special softwares called thespywares installed on the computer without the consent
of the owner of the computer. These scripts stay stealth
on the computer and keep track of all the key strokes and
usage of applications then store the details in log files.
These log files are mailed to the hacker time to time as
configured by him without the knowledge of the victim.
Database Injection: This is a technique of gaining accessinto the database where the passwords are stored. The
textboxes, where the usernames and the passwords areentered, act like a window to the database. Hackers use
special codes in place of the username & password fields
and get into the database. This is highly unlikely to work
in case of the systems adapted by Google, Yahoo, etc... as
they only store the encrypted password.
Fake Page:This is the method in which the hacker throwsa fake login page at the victim and if the victim falls for
that, the password entered by him in the fake page is
received by the hacker.
The method we discuss in this tutorial is based on the thirdand my favourite, the Fake Page method.
-
8/4/2019 The Complete HackPack
6/18
Overview
Internet giants like Facebook or Gmail uses a very high level of
security. This is a four layer security protocol what we aretalking about. Each of the layers is the best in itself and hence
makes it almost impossible for anyone to get into the account
without the proper password.
But remember, we are using a fake page method. So we dont
really have to worry about the security protocols anymore.
Our concentration, in this tutorial, would be to make a fake
page that can fool the person we are kidding with!
Making a fake login page is very easy but dont think just
saving the real login page will do. Of course, that would be the
first step. But, there are a series of steps that are required to
be taken as to make the fake page save and send the
password to you and the victim to his desired destination.
When a victim is given a link of the fake page, it is to be made
sure that the page carries him to the appropriate webpage
after feeding the password. Otherwise, the victim would get
suspicious and may change his password and never click the
link again.
There are mainly three important phases for the execution of
this method. They are discussed in detail in the following
pages
-
8/4/2019 The Complete HackPack
7/18
Requirements
1.A website2.A hosting account3.Basic knowledge of HTML4.Cunning skills5.Knowledge of the victims interests
If you already have the first two requirements, you are already
half way through the process.
If you dont have a website or a hosting account, stick with me
right from the phase-I of the tutorial.
If you dont have any knowledge of HTML, dont worry, just
follow this document carefully and youll be fine.
Well, I am sure that you have the fourth requirement.Otherwise, you wont be reading this at all!
If you dont have much knowledge about the persons
interests you want to hack, you can always read their profiles
on those social networking sites.
-
8/4/2019 The Complete HackPack
8/18
Phase-I
Making the website
Phase-I corresponds to making a website and have a hosting
account set up where you can mount the fake page. A website
has to be made before you make a fake page.
To make the required website, follow these steps
1.Select a name for the website. Preferably a tricky name likemc995 or sn144 or such an alphanumeric term. The name
should be like that because when we mount the fake page
on this website, it looks more real with the URL.
2.Open the websiteco.ccand register the name of thewebsite you decided. We consider sn144.co.cc as an
example in this document.
3.Click on the manage domain tab to set up the domain.4.Here, name-servers are to be updated in this page5.Meanwhile, openfreehostia.com(or any other hosting
account you know) and register for a free hosting plan for
the domain you just created. Soon, you will get an email
containing the login and name-servers details.
6.Find the name-servers in the email and update them in theco.cc account (in step 4).
7.Open thefreehostia control panel (login details in theemail). Click on the Elephante free scripts in the web tools.
http://co.cc/http://co.cc/http://freehostia.com/http://freehostia.com/http://freehostia.com/http://freehostia.com/http://co.cc/ -
8/4/2019 The Complete HackPack
9/18
-
8/4/2019 The Complete HackPack
10/18
Making the fake page
Its time for making the fake page. It requires a lot of labour
for doing that. Lucky for you, I have attached the pages that I
have already made. All you have to do is to just open the file
and make little changes.
I have attached all fake pages of Facebook, Gmail and
Yahoomail that I have. There are two kinds of changes you
have to make to those pages. One is a permanent that you
dont have to change ever again and another one is what youll
have to change every time you change a victim. You can learn
about the permanent change here. The other kind of changes
is discussed in the Configuration of fake page section.
This change is about supplying the fake page the required tags
(lines of code) that are responsible for saving the entered
password and sending it to us. To find the code, you have to
open the webpage that I asked you to bookmark in the
previous section. After opening the page, open its source page
by clicking Ctrl+U. This shortcut works in many browsers. The
pages source can also be viewed by right clicking on it and
choosing the required option.
-
8/4/2019 The Complete HackPack
11/18
The source contains hundreds of lines. Scroll down and
identify the part of the code that contains the following in red
(ABCD is not initially present, must be added to the code later).
-
8/4/2019 The Complete HackPack
12/18
Phase-II
Putting the fake page up on internet
It is easy from here on. To put the fake page up on the internet
you have to login to yourfreehostia account (or any other
hosting account you registered in) that you created in the first
phase while creating the website. Open the file manager and
make three different new folders namely google, ymailandfacebook.com in the home directory. Upload the Gmail and
Google accounts fake pages into the folder google. Upload
the yahoomails fake page into the ymailfolder. There are two
files for facebook fake page. Both of them should be uploaded
into thefacebook.com folder. Read the READ ME I provided.Make sure this is done only after the making that permanent
change in the fake pages.
This step puts the fake pages up on the internet. Now the fake
is visible to the world on the following addresses
http://your-website-name/google/Google%20verify.htm
http://your-website-name/ymail/Yahoo%20verify.htm
http://y-w-n/facebook.com/Login%20%20%20Facebook.htm
Example: http://sn144.co.cc/ymail/yahoomail.htm
-
8/4/2019 The Complete HackPack
13/18
Configuring the fake page
The fake page is ready. But before you use it on your victim,
you have to configure it such a way that it asks for his
password. Only then, he would feel that is a genuinely asked
page and submit his password in the password field.
To configure the fake page, open thefreehostia account (or
the hosting account). Open the file manager and reach the
uploaded fake page. Open the page using the code editor. This
opens the source code of the page. Hit Cntl+F and find the
word PRATPURCH. They may be more than one. Replace them
everywhere with your victims username and save it. When
you open the link of this page, you will find a webpage that is
asking for your victims password. Configure gmail andyahoomail fake page in this same way.
Configuring the facebooks page is little different. It is same
until the previous step except for you write the exact profile
name of your victim instead of his username. Then hit Cntl+F
and find the word PRATPIC. Replace this word with the imageURL of your victims facebook profile pictures thumbnail.
IMPORTANT: The thumbnail is different from the profile
picture, should not be mistaken. It is the smaller form of the
profile picture which can be found on the victims wall. The
thumbnails URL can be obtained by right clicking on it andselecting Copy Image URL.
-
8/4/2019 The Complete HackPack
14/18
Building the proper link for the fake page
Building a proper link for the page is necessary because when
you send the link http://sn144.co.cc/ymail/yahoomail.htm to
your victim, he will easily get suspicious about the safety of
the link. If he is a HTML literate, he will easily know that it is
an uploaded page and never click it.
Hence we have to disguise the link of the fake page into
another form before sending it to the victim. This is very easy.
All you need is to open any of the following websites
- http://bit.ly- http://tiny.cc
I personally recommend the bit.ly. Copy the link of the fake
page on the clipboard and paste it in the large field on bit.lys
home page. Click on Shorten. This will give a short URL that is a
substitute for the fake pages link. You can check, the short
URL will also direct to the fake page just as the original one.
Make sure that you dont make any change in the folder or thefile names of the fake page onfreehostia (hosting account). In
case you do, the previous bit.ly short link will no longer work.
You will have to create another bit.ly link for the new address
of the fake page.
The short link will look like
http://bit.ly/xxxxx
http://bit.ly/http://bit.ly/http://tiny.cc/http://tiny.cc/http://tiny.cc/http://bit.ly/ -
8/4/2019 The Complete HackPack
15/18
-
8/4/2019 The Complete HackPack
16/18
Receiving the prize
After all this effort of making websites and fake pages, the
password what you get in the end is not less than a prize!
The password entered by your victim will be delivered to you
instantly in your inbox of the email you provided in the
contact form 7settings page (in the step 12 ofMaking the
website, Phase-I). The password will be the subject of the
email. The emails body will not contain anything. You can set
up how you want to receive the password by the settings of
the contact form 7. [your-name] is the code for the password. I
have set it such a way that it is displayed as the subject of the
mail. You can make changes as you want by putting this code
in the body of the email.
The concept behind this method is that the contact form 7
delivers anything that is entered in its fields to the email
provided. I have interfaced the contact form with the fake
page. Now, the password field in the fake page acts as the
contact form 7field and anything entered in it will bedelivered to you in the email the way you set it up in the
contact form 7settings.
-
8/4/2019 The Complete HackPack
17/18
-
8/4/2019 The Complete HackPack
18/18
Good luck
Contact