Hacking Challenges

Underground – Password Phishing

August 12th, 2008 by Patchy
Phishing is a method of obtaining sensitive information such as usernames and passwords by pretending to be a trusted website.  Tehdead shows us a variety of password phishing techniques that enable an attacker to trick a user into giving up their login information.  The first step is to create a fake login identical to the login on the trusted website.  In order to not raise suspicion, Tehdead explains two methods to capture the victim’s password and then transfer them to the real website.  One method is to sumbit the information to a php page that is disguised as a pop-up advertisment, and the other is to send the username and password to a simular php page that is contained in an iframe.  Lastly, Tehdead describes how to use link manipulation with BBcode to social engineer a victim into going to the fraudulent website. Full Scale Video Here
Download Here

If you would like to submit a video to Infinity Exists Underground send a email describing your video to

Posted in Underground | 5 Comments »

5 Responses

  1. mathspeedy Says:

    interesting …

  2. excid3 Says:

    nice work Tehdead, look forward to your next video! and maybe it wont take so long to make it next time :P

  3. overide Says:

    very nice video Tehdead

  4. supercede Says:

    nice video.

    but can some one help?
    i follow the steps carefully and checked the coding, but i cant get the cookie catcher to grab my pass on infinity login. i get a popup saying error 404 and the netflix image does not show.

  5. supercede Says:

    ok guys i fix the error. but i cant the cookie catcher to send the user and pass to the wp-logins.html.

You must be logged in to leave a comment.