Hack Gmail Accounts Using Phishing

What Is Phishing?

Hello, friends Today i will explain How to hack Gmail account step by step. The phishing is technique  that is used for stealing password of Gmail, yahoo, Facebook, twitter, Payza,Paypal or any other websites, the only difference lies in the METHOD and ACTION codes. In original webpage you are directed to database to that website but in fake pages you are directed to program that writes the log file that consist of username and password of the user. In fake page method function directs you to a php program that writes the log and simultaneously it redirects to original website and copy the username in the username column of original website and it shows that you have entered a wrong password and when you enter the password again then you are entered into the original website. So the user will never know that his account has been hacked, he will only think that he has entered wrong password. Before creating Phishing page first of all think like an hacker. Means, You know how these pages looks like? yaa...right. The same way, you can create pages like that. Wait...Wait..Don't worry...You don't  need to right all code. Just See the following steps.

NOTE: THIS TUTORIAL IS EDUCATIONAL PURPOSES ONLY. DON'T MISUSE IT. 

The Things that we need while creating page:

•  Phishing page for Gmail Website(or any other).
• A Free web hosting server to upload these fake pages.
• An Email account for sending mails. (create one fake email account).
• HTML format mail that has to be sent to user.

Note: By using this i have hacked more than 50+ accounts(not of my friends) of gmail, facebook, etc. As Hacking is my passion. But, i never misused this and i hope that you also not do that. This tutorial is for Educational purpose, I and hackingnil.blospot.com is not responsible if you have misused it.

STEP BY STEP GUIDE TO HACK GMAIL ACCOUNT

1. Download the phishing pages (fake pages for Gmail). Click here to download. (You can create any page that you want. Just open the page that you want to create fake page. Right click on webpage and select view source. Copy all code and paste it into notepad and save it as ex. gmail.html).
2.  Now open the Gmail folder. In this folder you will see three files namely:

•   gmail.html
•   mail.php
•   log.txt

Gmail.html is the phishing page that looks like original Gmail page, when user enters his credentials i.e. username and password, then it will be redirected to mail.php file which will write username and password to log file and simultaneously redirect the user to original website, that will show, you have entered wrong password. 

Now You have to create account on free Web Hosting website. The Following are the web hosting sites. Signup one of the website.

www.t35.com
www.110mb.com
www.youfreehosting.net
www.esmartstart.com
www.ripway.com


Now login into your hosting account, and upload the above 3 files. Once you have uploaded the files in the web hosting directoory. You Can also upload these files using XAMPP web server. (To Download : click Here)

Now Creation Part is over, now we have our link that we will send to the user. Now How we will send it to user. Open your fake email account that you have created.Click on Compose mail and In Subject Enter "Gmail :Please Verify your Gmail Account" ( without quotes). And in body write something like that we have seen illegal activity from your account. please verify your account within 24 hrs. We have to lock your email account. For verifying visit here www.gmail.com and hyperlink link your fake mail address and send it to user. 

If you don't want to do all above stuff or you are new in hacking you can get the original phishing page(Your own) and full tutorials with video of any site at Just $50, We can't disclose all stuffs directly on website.(Contact Admin).

Now just wait one day or few hours till user enters his credentials.(depends how fast the user reacts to the email). Once the user logs in to his Gmail account using your Phisher, his user ID and password are ours..And these are stored in log.txt What you have to do is just refresh your Web hosting account files. The Log.txt file will contain the passwords and look like this:

How to Protect Your Gmail Account From Phisher?

1. Always check the URL in the address bar before entering username and password.
2. Never follow any link from your email and any website until u have confirmed the           Address bar URL.
3. Never Follow spam mails and "Win lottery or Cash" mails.

Most Ways to hack a Facebook Account

Phishing :

The first and very basic way of hacking Facebook accounts is via Phishing. Phishing is actually creating fake web pages to steal user’s credentials like email,passwords,phone no,etc. 

•  Drawback :

Users nowadays are aware of these type of attacks and one can not be easily fooled using this attack. You need some social engineering to trick someone.

• Prevention :

Always check the page URL before logging in. This is the most trusted and effective way one can use to avoid himself from phishing. Other way is to use some good Antivirus software which will warn you if you visit a harmful phishing page. Even if somehow you have already entered your credentials in a phisher, Immediately Change your password.

Keylogging :

This is another good way of hacking Facebook accounts. In this type of attack a hacker simply sends an infected file having keylogger in it to the victim. If the victim executes that file on his pc, whatever he types will be mailed/uploaded to hacker’s server. The advantage of this attack is that the victim won’t know that hacker is getting every Bit of data he is typing. Another big advantage is that hacker will get passwords of all the accounts used on that PC.

• Drawback :

Keyloggers are often detected as threats by good antiviruses. Hacker must find a way to protect it from antivirus.

• Prevention :

Execute the file only if you trust the sender.Use online scanner such as novirusthanks.orgUse good antivirus and update it regularly .

Trojans/backdoors :

This is an advanced level topic. It consists of a server and a client. In this type of attack the attacker sends the infected server to the victim. After execution the infected server i.e. Trojan on the victim’s PC opens a backdoor and now the hacker can do whatever he wants with the victim’s PC .

• Drawback :

Trojans are often detected as threats by good antiviruses. Hacker must find a way to protect it from antivirus.

• Prevention :

Execute the file only if you trust the sender.Use online scanner such as novirusthanks.orgUse good antivirus and update it regularly .

Sniffing

It consists of stealing session in progress. In this type of attack an attacker makes connection with server and client and relays message between them, making them believe that they are talking to each other directly.

• Drawback :

If user is logged out then attacker is also logged out and the session is lost.It is difficult to sniff on SSL protected networks.

•  Prevention :

Always use SSL secured connections.Always keep a look at the url if the http:// is not changed to https:// it means that sniffing is active on your network.

Social Engineering :

This method includes guessing and fooling the clients to give their own passwords. In this type of attack, a hacker sends a fake mail which is very convincing and appealing and asks the user for his password.Answering the security questions also lies under this category.

• Drawback :

It is not easy to convince someone to make him give his password.Guessing generally doesn’t always work ( Although if you are lucky enough it may work!).

•  Prevention :

Never give your password to anyoneDon’t believe in any sort of emails which asks for your password.

Session Hijacking :

In a session hijacking attack an attacker steals victims cookies, cookies stores all the necessary logging Information about one’s account, using this info an attacker can easily hack anybody’s account. If you get the cookies of the Victim you can Hack any account the Victim is Logged into i.e. you can hack Facebook, Google, Yahoo.

• Drawbacks :

You will be logged out when user is logged out.You will not get the password of the user’s account.Will not work if the user is using HTTPS connections.

• Prevention :

Always work on SSL secured connections.Always keep a look at the url if the http:// is not changed to https:// it means that sniffing is active on your network.

BlueStacks : Run Mobile Apps On PC

Windows + Android

If you want to play or install all android apps on your PC then install a tool called bluestacks. 

Download

Download it from above link. After downloading, install the software. Installation starts only if you are connected to the internet. While installing if you get following error then your PC is not supported to install this application. You need to buy graphics card for that. After that you are ready to use this application.

REMOVE VIRUSES FROM PENDRIVE

If your Pen Drive infected with any of the following viruses then delete them all:

Autorun.inf
virus-pendriveAutorun.inf
New folder.exe
Iexplorer.vbs
Bha.vbs
nfo.exe
New_Folder.exe
ravmon.exe
RVHost.exe or any other files with extension.

Actually, these viruses are hidden and can’t be seen even after you enable show hidden folders. Following simple dos command will change the attributes of these files ,there after you can remove them.
Steps:

Step1.: Type cmd in Run

Step2.: Switch to the drive on which pen drive is connected (like C:\> h: enter..here h is letter of your pendrive)

Step3.: Type exactly as attrib -s -h *.* /s /d and hit enter (don’t forget spaces).

Now you can see hidden virus files and you can delete them

Android Mobile Secret Codes

*#*#4636#*#* - phone information

*#*#273283*255*663282*#*#* - file copy screen (backup media files)

*#*#526#*#* - wlan test

*#*#232331#*#* - bluetooth test

*#*#232337#*# - shows bluetooth device address

*#*#232338#*#* - shows wifi mac address

*#*#7594#*#* - change end call/power option

*#*#197328640#*#* - service mode

*#*#1472365#*#* - gps test

*2767*3855# - hard reset

*#*#7780#*#* - factory reset

*#*#1575#*#* - another gps test