Friday, November 2, 2012

Desktop Phishing - Hack Hippo tutorial

What is Desktop Phishing?

This is a very advanced form of phishing, quite different from the common kind. In common phishing, the fake page cannot be shown under the real domain.

Difference between Phishing and Desktop Phishing

What is a Phisher Arm?

A Phisher Arm is a program that changes the IP mapping settings. You don't need to know any programming language for this; you can make a Phisher Arm with tools you already have on your computer.



Things You Require :-

1. Phisher Page - You can download Facebook Phisher page from Here
(I've added an extra page to make it more realistic; the victim will get a message saying Facebook is blocked by your ISP)

2. Web server - You can use WAMP or XAMPP. I would recommend XAMPP; I have written a tutorial on how to install and use XAMPP, kindly refer to that article for more details.

Procedure:-

Step 1
1. First you need to download the WAMP server and install it on your computer.
2. Now, in the taskbar, simply click and press on Put Online.
3. Now, go to C:\wamp\www\ and paste the Orkut fake login page (index.htm) there along with the xtreme.php file.
4. To check whether you have done this right, simply enter http://127.0.0.1 in the address bar of the browser and hit Enter. You will get the Phisher page you copied into C:\wamp\www\.

Step 2
1. Go to http://www.ipchicken.com/ and copy your IP.
2. Open the “Hosts” file you’ve downloaded using Notepad.
3. Now replace the xxx.xxx.xxx.xxx with your IP address.
4. Change www.orkut.com to your website name (if you want to hack an Orkut password, leave it the same).
5. Save the file.

Step 3 
(For creating a standalone exe through which the victim's hosts file gets replaced with your modified hosts file)
1. WinRAR must be installed on your PC.
2. Right click on the Hosts file and select “Add to Archive”.
3. Now, in the window, change Archive Format from “.rar” to “.zip”.
4. Tick “Create SFX Archive”. Now, in “Advanced” tab, click “SFX Options”.
5. Now, in “Path to extract”, enter “C:\WINDOWS\system32\drivers\etc” (without double quotes).
6. In “Modes” tab, check “Hide all” and “Overwrite all”. Hit OK and again OK.

Now you will get “hosts.exe” on the desktop. This is what we required. Just send this file to the victim by mail or any way you want and ask him to install it on his computer (social engineering). Whenever the victim tries to visit www.orkut.com, his browser actually shows your phisher page, and the address bar also shows the real address (i.e. www.orkut.com instead of your hosting URL, which looks like http://h1.ripway.username.com/index.htm), and thus we can easily hack his Orkut password using Desktop Phishing by domain spoofing. The hacked Orkut password is saved in the passes.txt file in your “C:\wamp\www” directory.
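From the defender's side, the technique above leaves a visible trace: a hosts-file line that pins a real domain to a routable address. The following check is an added example, not part of the original post; the watchlist, function names and sample hosts content are constructed for illustration.

```python
import ipaddress

# Constructed watchlist; www.orkut.com is the domain used in the post above.
WATCHLIST = {"www.orkut.com", "orkut.com", "www.facebook.com", "facebook.com"}


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address: skip the malformed line
        for name in fields[1:]:  # one line may map several names
            yield line_no, ip, name.lower().rstrip(".")


def audit_hosts(text, watchlist=WATCHLIST):
    """Return findings for entries that pin a name to a non-local address."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        # Assumption: loopback and 0.0.0.0 lines are localhost or blocklist entries.
        if ip.is_loopback or ip.is_unspecified:
            continue
        severity = "high" if name in watchlist else "review"
        findings.append({"line": line_no, "host": name, "ip": str(ip),
                         "severity": severity})
    return findings


# Constructed sample; 203.0.113.10 is a documentation-range address.
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net
203.0.113.10    WWW.ORKUT.COM   # overridden entry
10.0.0.5        intranet.example.local
not-an-ip       www.facebook.com
"""

if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"{f['severity']:>6}  line {f['line']}: {f['host']} -> {f['ip']}")
```

On Windows, feed it the contents of the hosts file in C:\WINDOWS\system32\drivers\etc, the path the SFX archive above extracts to.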
