Gmail is one of the most popular email site right now.It is so common now that every Tom,Dick and Harry use gmail.It is far most one of the safest site amoung email sites.When it comes to hacking a gmail account,there are several methods,but we will discuss the method of phishing page here.Phishing page is a fake page which is designed to gain sensitive information like usernames/passwords.It looks exactly like the original page but the control is in someone else's hand.So now starting with gmail hacking.The method is given below-
1)Create an account on the given web host site http://my3gb.com/
This website allows you to store data upto 3 GB online.On
this website,we shall be storing the data of the phishing page.
2)Download the gmail phisher from the link given below
Download Gmail Phisher
3)Goto file manager and upload all the files in the gmail phisher on your account on
my3gb.com.
4)After that just goto ServiceLoginAuth.htm and try out whether its working
5)After opening it,you just enter any user name and password And after you type a password file will be created in the same directory named as passwd.htm.Refresh the page if passwd.htm is not created.
6)Then you can see what username and password you have entered.That’s it now you can give this link to your victim and when the victim login through you fake login page his passwords will get saved into the passwd.htm file.
Here we have used the PHP scripting.The ServiceLoginAuth.htm
file is the html page which looks exactly like the gmail login page.Here the victum enters his
user id and password in the text box and password box.
PHP script(input.php file) is used to link the input from the text boxes
to our passwd.htm file and in this way we get the username and the password of the victum.
Just email that link to a victum along with a message like-"Login to your gmail account within 48 hours otherwise your account will be terminated or something like that."
If the victum logs in,u would be at the driver seat :)
How to protect yourself against this attack-
A phishing page is detected by most browsers including IE,Mozilla,Chrome,
Safari,Opera etc.Keep your browser updated.Besides that,make sure that the page from which you are logging in is not a phishing page by keeping a check on its URL.Don't use any third party applications like chat messengers etc,they save your password and can access your account without your permission.Use only the software's designed by that site.
1)Create an account on the given web host site http://my3gb.com/
This website allows you to store data upto 3 GB online.On
this website,we shall be storing the data of the phishing page.
2)Download the gmail phisher from the link given below
Download Gmail Phisher
3)Goto file manager and upload all the files in the gmail phisher on your account on
my3gb.com.
4)After that just goto ServiceLoginAuth.htm and try out whether its working
5)After opening it,you just enter any user name and password And after you type a password file will be created in the same directory named as passwd.htm.Refresh the page if passwd.htm is not created.
6)Then you can see what username and password you have entered.That’s it now you can give this link to your victim and when the victim login through you fake login page his passwords will get saved into the passwd.htm file.
Here we have used the PHP scripting.The ServiceLoginAuth.htm
file is the html page which looks exactly like the gmail login page.Here the victum enters his
user id and password in the text box and password box.
PHP script(input.php file) is used to link the input from the text boxes
to our passwd.htm file and in this way we get the username and the password of the victum.
Just email that link to a victum along with a message like-"Login to your gmail account within 48 hours otherwise your account will be terminated or something like that."
If the victum logs in,u would be at the driver seat :)
How to protect yourself against this attack-
A phishing page is detected by most browsers including IE,Mozilla,Chrome,
Safari,Opera etc.Keep your browser updated.Besides that,make sure that the page from which you are logging in is not a phishing page by keeping a check on its URL.Don't use any third party applications like chat messengers etc,they save your password and can access your account without your permission.Use only the software's designed by that site.
This post is meant only for educational purposes,any
misuse of the above information shall not be the
responsibility of publisher
