French
Portuguese
Spanish
Arabic
Chinese
Don’t mail me your password plz :p
Posted by roushdat on April 16, 2007
Greeetingzzzzzzzzzz…long weekend wasn’t it?
So, let’s get back to some serious stuff as usual now :p I’ve been receiving some login details in my mailbox yesterday from several friends of mine :SLet me explain: I’ve modified a hi5 page so as to receive the username and passwords of some people in my mailbox when they login 
Ehhh relax, am not a hacker :p…I’m if am not wrong, i’m a phisher Not a real one though, I’ve done it only to educate my fellow friends how to keep their passwords safely and take better care!I’ll be using the common friend-networking site known sa hi5.Ok let me explain the whole ‘idiot-trap’ operation I start by saving a copy of Hi5’s login page on my pc and renaming it as hi5_approve_five.phpOpening the Hi5 login page…I look for the login form and modify the action value to login.php
I create a login.php page, in which I put the code for sending the username and password to me and redirect the user to www.hi5.com . I also set a cookie to know if someone has been a victim 
Now I create an email using the same format as Hi5 and send it to a friend. Notice the View five link in the mail, it’s value is: http://myipaddress/hi5/hi5_approve_five.php
Thus when the user clicks on it, its the login page found on my own server that will be loaded and its link will look as: http://41.212.140.10/hi5/hi5_approve_five.php
Most users won’t take care about the weird looking link and that’s the problem with most surfers…they are not careful enough :p
The victim types in the login details and click submit. The result is posted to login.php…the details are mailed to me and a cookie is set on the victim’s pc.
This cookie is checked if ever the user clicks on hi5_approve_five.php later on…He will then not be able to see the page again, because if the condition that cookie is set is satisfied, the page will redirect to www.hi5.com.
Ok after setting the cookie, the page redirects to hi5.com anyway And the user will not find his five…so he will think hi5 lost his five :p…That’s the end of the story for the victim and my story starts :p
I’ve got ur login details now…so i can enter into your hi5 account at will :p
This thing can be done for many many other sites as well
Oh yeah…Originally, this was targeted for Vicky…who still owes me 2 zinger meals…but he’s now trying to run away from it…So I decided that it was time for payback…I crafted the whole phishing thing to trap him…but for some unknown reasons the mail couldn’t reach him :p
So, he escaped??? Naaaaaaaaaaaaaaaa…Remember he was wreaking havoc in my mailbox? So i really wanted to get into his hi5 account now So I started thinking…Yeah…Mx….UOM….Mail….Accounts…compromised :p Oh yeah, if you guyz didn’t know, all students email accounts were compromised last year…Someone who wasn’t supposed to access these info…did get through!
And at that time, Vicky just couldn’t believe…so he had his mx email account tested and he was given his password…. sk***r. He was kinda shocked…running to Mrs Baichoo :p trying to meet me…Looking for more info about the guy who did the job (obviously not me…)…Maybe he was feeling like being a UOM cyber-cop
But our cyber-cop did it all but change his hi5 password which happened to be the same password sk***r…When I tried login into his hi5 account using that same password…I was in!!!!!!!!!
That was a screen shot from inside Vicky’s message area on hi5…I’ve masked the people’s pics….(else zot cav encolere :p)
Vicky run! Viiiit al change to password aster :p
Some good practice:
Look at the URL above when u r logging in a website…make sure it’s the real website and not a fake
Avoid Clicking on links found in emails, that’s bad!
Use different passwords for different places
Change your password regularly
Disclaimer:
Whatever I’ve written in this post…Well, I’m putting a disclaimer for it. To read the contents of the disclaimer, please go to my partner site: www.google.com and type disclaimer and search…
roushdat said
(12:25:52 AM) Roushdat: btw
(12:25:57 AM) Roushdat: comment la p tarder :p
(12:26:05 AM) vicky: pe vini la
(12:26:07 AM) Roushdat: to ti p presser pou met comment non?
(12:26:18 AM) vicky: pe change mo bannes password mo vini
(12:26:23 AM) Roushdat: hehehe
viccks said
hehe tipi voyayeur
to pas ine send any pub toi ousi mo espere !!
hehe si mo ti pou enkor zouE ogame to ti pou gagne mo account pareil..
Coz zafer useless mo servi same password
anyway at least aster mo pou ena somehting pou back mo bannes claims off to the cits guys
¥@$# said
Enfin… done that some 2 years ago @ CyberArena Orchard…
Done that with hotmail’s login page…
Didn’t make any misuse though…
Didn’t even try login in…
¥@$# said
pffft… nek mo p fer typos… mo croire ine ler pou ale dormi la…
¥@$# said
Hey wadirait mo p spam to blog… LOL
Yashvin said
hahaha
i got something like that some weeks before but its not the same url as urs….
or did u get inspired by my post on my blog n made ur own system????
lol
Sundeep said
this pretty much illegal :p
Hi5 hacked, gain access to anyone’s account! — BlogoSquare said
[...] to my RSS feed or get my latest posts directly in your mailbox. Thanks for visiting!My buddy roushdat published a nice post in the form of a how-to demonstrating us a phishing technique, which consists of masking a mail [...]
roushdat said
@ Yash…double submission happens…WordPress could have easily solve this problem through a simple validation though (like comments from the same person can’t be submitted if the time interval is less than 1 min)
@Yashvin…I was partly inspired by an email I received some months ago from “paypal” which had a link to a rogue site masked by the legitimate url…And also by a friend’s presentation on spoofing and phishing.Btw next week I’ll be presenting to my class about “Botnets”…those interested can attend…room 1.16
@Sundeep…relax dude…We’re just sharing our little knowledge so that we can better protect ourselves…Nothing illegal in giving a demo
anoop said
can anyone explain me phishing or spoofing [:s] a bit plzzzzz ????
enfin .. really nice post ..
mmm .. got here from blogosquare ..
nyways, always wanted to learn PHP but never knew what could really be done of it .. so didn’t learn .. :s
if someone knows where I can find nice, understandable [:s] php tuto, plz inform..
‘Thus when the user clicks on it, its the login page found on my own server that will be loaded and its link will look as: http://41.212.140.10/hi5/hi5_approve_five.php‘
didn’t undertand this one .. :s .. i mean .. is it on accessing this particular page that you’ll get my pass, etc or whhhheeen ???
enfin .. :s
anoop said
ahhh ..
i think i understood .. :s
its only when one fills in the login form that you get the pass, etc..
right ??
nyways, soorry to spam your blog [:s]
roushdat said
lol, yeah, right Anoop, it’s when the user fills in the login form, and submit. The data will be sent to my own server.From there, it will be mailed to me and then the user will be redirected to the real hi5 website…like a gud child
And for learning php (or even the other web-related thingies), try out http://www.w3schools.com where we, cse students from UOM receive our lecture notes for the web-technology module for free (even the lecturers take notes from there):p
anoop said
mmm .. thanks ..
Starkiss*** said
lols…now every1 gona be careful..
so i think nto really useful using this method..lolsss…
roushhh…kifer tone dir !!ti bisin gagen encore imepr pwd na
roushdat said
@ starkiss*** lol…still, this is just the concept explained.Even someone being careful, if the phisher is creative enough, he will be able to pull up original, tailor-made ploys to catch his victims
So no worries…this method can still be used (you just have to change it’s clothing):p
Khalil A. said
Wonderful. Aster kav al fer mo galant…
girish said
that was an amazing idea, but it is quite far fetched for the web to redirect to the hi5 page directly, could you just make sure that when being redirected the user is already logged into the hi5 page properly. HEY NEXT TIME TRY TO SEE THAT THE POTTENTIAL TARGET IS WELL LOCKED AND THAT HE GOT A PROPER ACCOUNT FIRST……..
Girish
billy said
hi can you help me please!!! how can i get my girlfriends password!! from hi5 help me please!
roushdat said
@ Billy : Trust is a great thing…
I can’t help you to do something like that, sorry.
Winnoom said
I don’t believe this. If this is really working, I dare you to hack my account: noomkrubpom@hotmail.com ..
roushdat said
lol u r free not to believe Winnoom
And stop acting childish by trying to provoke :p
Elimp said
thats amazing but you see you made an email identicall to the original five reguest thing.. how did u make the email address look as if its coming from hi5 itself? i mean says from info@hi5.com how did u do that?
roushdat said
@ Elimp
To make an email having as address info@hi5.com, you can just use any emailing software, say if you are on windows, you can use outlook express itself, then you create a mail account on that software having as address info@hi5.com. Naturally you won’t be receiving any emails sent to info@hi5.com but you can only send emails using that as sender’s address.
If you need more clarification about that, let me know.
Albert said
Hi Roushdat!, I’m just trying to find some bug or xploit on hi5 to let me know the password of a friend, I have no idea about programming so I can’t do what you did so please, could you use that xploit you created to know that pass? if so email me to albert_o_rozco@hotmail.com, thank you very much and sorry if you don’t understand much of my poor english.
roushdat said
@ Albert…what I’ve done can’t really be considered as using an exploit. Because the only way what I’ve done is related to hi5 is that I’ve created a page which resembles the original hi5 page and then I send a link that points to my fake hi5 page to potential victims.After obtaining the password and login from my victim, I then redirect him to the original hi5 page so as not alarm him that he has just been tricked
Albert said
Ok, I just don’t know much about these things…but…I guess you can’t help me with my petition in my previous post? Because it would be great if you could, but I understand if you don’t want to do that kind of things, thanks anyway.
amarnath said
hi roushdat there are some concepts i dont understand as im a newbie at this firstly, how do you create login.php i mean where do i enter that writing u have shown in the image and how do i save it ? next were do i enter that satisfying cookie thing and were do i save it? thnx for sharing the idea though
roushdat said
for the login.php, just go to hi5’s login page, do file save as, then put the name as login.php
You can then open the page login.php with any text editor of your choice, if you are on windows, you can use notepad itself.
The codes I’ve given above should be appended inside that login.php and saved.
As for the cookie part, its not that important for the trick to work, you can ignore it…
Hope I’ve answered your questions Amarnath, keep reading my blog
amarnath said
okay i tried that but when i enter the password on the hi5 page i saved and ammended and press log in it says page not found
roushdat said
if you are getting page not found when u press log in, this probably means that the form data is not being posted to the correct page, which in our case is the page on which the form is found itself.Thus the line
note that login.php is the name of the page on which the form is found.So if you’ve used another name, change it accordingly.You can also put an absolute path to it like: action=http://localhost/mypages/login.php
Btw, the login.php SHOULD be placed in the appropriate folder of your webserver.I hope you have a server running or at least using a free php-enabled webhost.Else this whole php trick will not work.
amarnath said
ive saved the files on my hard disk for the moment as i wont really hack people in real, wanted to just know more about it and i have saved these files in the samefolder
-hi5_approve_five.php.htm (hi5 log in page with action to login.php.htm)
-login.php.htm(with the code written from the second image)
i tried to change the action file to login.php.htm but wen i log in the page is blank and the password doesnt get emailed to me
roushdat said
Amarnath, I think you’ve missed something important here: You need a server like IIS or Apache so as to work out with the php files.
here’s a link where you can get some easy to follow hints about php
http://www.w3schools.com/php/default.asp
Hope this helps
fat32 said
roushdat i want to say that i loved it!
and i am actually trying to do the same just to have some fun with my friends as i am a 16 year old student from Portugal in computer area.
do i would love to talk through messenger could you send me your mail so that i can add you?
thank you very much!
if it isn’t possible i’ll just ask you my doughts here! =)
TS said
Roushdat, I’d like to pull a prank on my cousin, using your pass getting sys, would u plz help me?
roushdat said
what kind of help u need?
TS said
I’d like to do what you’ve explained here, but I don’t have a server …
Nathaly Morgado said
Do you think that you can do that for me? I found someone on Hi5 that is using my information and using my picture, and i have no clue who it is. I am 100% positive i didnt make that account, as i have only one email and it doesnt come out under that email. They are using my information and leaving comments on other people page, i would really appreciate if you helped me, i can show you the link to her/his page and the one to mine so you can see im not lying. They only have one picture of me, and im guessing they got it off the internet, probably MySpace, i would just like to know what email and password theyre using to delete or modify the account and make sure that they dont do it again. Do you think you can help? I tried following the directions but i got lost, im not that good at doing this. My email is sexybaby1183@yahoo.com and the Hi5 accounts are under Nathaly Morgado, when you search, they both come out, the second one is the fake one and mine is the first. Please help me! :]
roushdat said
@ TS, try download and installing easyphp, it’s easy to run your own server with it
@ Nathaly, the thing i explained above will work provided you know the one faking your hi5 account’s email address. Do you know it?
What i can advise however, is that you create another hi5 account with other names and information, send a message to the fake account, get to know the culprit, he will easily give u his email address.From that point, we can proceed with sending him the trap-mails
Nathaly Morgado said
Ok. i will make a new account. I dont know the email, because i dont know who it is. I just realized recently that somebody was using my information, since i had never used hi5 i never looked at it until now. I will try to see if they can give me their email. Thanks a lot!
Rod said
Could you explain me how you put the login php page onto internet? i created that but i dont know how it works and where tu upload that page
Rod said
hi again roushdat, well im really a slow learner so could you tell me how do i create an account with info@hi5.com lol sorry for being that dumb
Rod said
one last call roushdat well i did exactly like u post the login.php file and put it on the server and it works cause i open that page http//…hi5/hi5_approve_five.php and it loads the login.php on status bar but nothing was sent to my email, might be something wrong with the login.php entries? perhaps wrong email or not placed where it belongs?
Rod said
sorry i forgot to put that right after i load that five approval page it loads the login.php and goes directly to http://www.hi5.com did i miss something? greetings phella;)
roushdat said
lol…you seem confused Rod and in the process, u confused me as well :p Give me your mail add, I’ll send u the necessary files.
Rod said
hahaha…. yeah lol hey man thx a lot for this here´s my address rodrigoa_barrera@hotmail.com i hope to see ya soon
Rod said
still have problems, i put those files under easy…\www\hi5 i open the five approve and it directly goes to the hi5 page without password and user askin, so dont know wot is wrong and still dont know how to create the account either
Rod said
heeeelp lol
edu said
Urgent: Need your help in this matter.
edu0029@gmail.com
W said
hmmm…. clever technique,,, however it is still possible to track the culprits, if people really wanted to.
Simply by this address: 41.212.140.10, they will do DNS lookup, and see that the domain is based in Mauritius. From that they can contact the ISP (through ringing +230-2037014 or +230-2116170), and then locate the specific person.
What you need to do is make it on some free crappy host that supports php and is banner-free,, which is hard to find. Further, you need to use a proxy to properly stealth ur identity when u sign up to this host.
Also, the email it sends to should be changed as well, perhaps to one the free website provides?
Thanks anyways on the insight,, very informative.
PS: I do not support hacking or anything, the above information is for security purposes. Gave fake email address JIC xD xD
Marco Estrada said
Hi, the exercise good, i want replay, free host with php,,
send mail ok.. but , dont link redirect a http://www.hi5.com
show this error…
“Warning: Cannot modify header information – headers already sent by (output started at /home/vhosts/shakadb.30mb.com/hi5_approve_five/login.php:1) in /home/vhosts/shakadb.30mb.com/hi5_approve_five/login.php on line 14″
“Warning: Cannot modify header information – headers already sent by (output started at /home/vhosts/shakadb.30mb.com/hi5_approve_five/login.php:1) in /home/vhosts/shakadb.30mb.com/hi5_approve_five/login.php on line 15″
the login.php is same to your image
roushdat said
remove all html codes before the php tags, and place them after :p Should work
Marco Estrada said
Hi roushdat
i don’t understand, where remove the php tags??
este es my login.php
thanks for your time
roushdat said
Yes from the login.php page.
If your page has tags <html…<head etc before the <php, remove them, place them after the ?>
Marco Estrada said
roushdat is true!!!, you are the boss!!
now send mail and redirect to http://www.hi5.com
but, how to use the code php for if exist cookie “hi5″ don’t show hi5_approve_five.php
that code php, where put?? , a single file php or in the htm copy from hi5 ??
thanks
roushdat said
forget about the cookie part for the time being…its not that important
Its just a plus :p
Marco Estrada said
OK man…
thanks for share tu knowhow with us…
Greetings from South America!!
roushdat said
always welcome
anonymous said
one question
mark said
hi, Roushdat
one question…
there is one server, this server web has a page with security in html code, in this site there is a program , what can be a js or php code, is there a way to force a show this code??
thank you for your time
This scenario is purely academic
roushdat said
normally pure html you should be able to see the code, same for javascripts. But if the security part is implemented in a server-side language (as is the case for most security codes), you won’t be able to see the code. This is because it will be parsed by the server before sending output to client side. [unless somehow a bug is exploited...]. Personally I don’t know bugs that can do it, maybe some experts in php can give a better insight.
Hope this helps.
mark said
the code that want show is rpAuth_1
(FORM METHOD=”POST” ACTION=”/Forms/rpAuth_1″ onSubmit=”LoginClick(document.forms[0].hiddenPassword, document.forms[0].LoginPassword);”)
the problem is that rpAuth_1 has execute privilege only, and your folder Forms/ is restricted…
is there a way??
roushdat said
Hmm i don’t know…maybe this can help a bit
http://translate.google.com/translate?hl=en&sl=ru&u=http://forums.gentoo.org/viewtopic-p-4164260.html%3Fsid%3Da8451de9b9f4aa85142496e908df881c&sa=X&oi=translate&resnum=5&ct=result&prev=/search%3Fq%3DACTION%253D%2B/Forms/rpAuth_1%26hl%3Den%26safe%3Doff%26client%3Dfirefox-a%26channel%3Ds%26rls%3Dorg.mozilla:en-US:official%26hs%3DggD%26sa%3DG
Happy birthdayyy dear blog ;) « My quest for world presidency said
[...] Recent Comments roushdat on Tomorrow will be THE day……princess on Tomorrow will be THE day……roushdat on Sleep? Day or night?bbZuSh on Sleep? Day or night?roushdat on Don’t mail me your passw… [...]
jj said
Hi Roushdat,
I was wondering if you could help me. I have successfully set up my website… but I want to create an email template such as the one from your example. I am doing it for facebook, so I want my email to say that it came from facebook.com or whatever. I tried playing around with outlook express to do this but I do not know what to put in for my servers. could you help me out? thanks
roushdat said
you should put the address of an smtp server. You can just google for it. Search for free smtp server address. Hope this helps.
kate said
HI
I’ve tried so hard to do things you’ve explained …spent too many hours – it doesn’t work 
Hi5 account is mardziev@gmail.com Will you, please, will you (would you be so kind please) to look for a password? Wish you all the best, sunny days fullfilled with careless joyfull moments. Thank you (PS Please again)
Korreia said
Hey there Roushdat… I was doing something like you did… But witg your php code é get an error while testing the final results… the error is:
Method Not Allowed
The requested method POST is not allowed for the URL /login.php
Can you help me with that?
kate said
Hi. Pls pls pls make my life better. Hi5 account is http://www.hi5.com/friend/143994632–Doni–Profile-html Google account is mardziev@gmail.com PLEASE I have been trying so hard to do things you’ve said, but I dont have skills. Please find pass. Please Have a nice life
roushdat said
@ Korreia, have you created the page login.php? and the url for post , put it login.php, without the “\”
@ Kate, please try to understand, i don’t find passwords of hi5 accounts. I have only exposed how it can be done (for educational purpose of course).
Korreia said
Yes, i created it… The problem was that php was not working in the apache server… That problem is solved now… I’m gonna try it again
kate said
Please….it simply is not functioning. For you,it will take two minutes……for me, it’s a huge importance. The page cannot be found
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
——————————————————————————–
Please try the following:
If you typed the page address in the Address bar, make sure that it is spelled correctly.
Open the 192.168.1.22 home page, and then look for links to the information you want.
This is what I get for a week, and I cannot move forward. tried everyting .Please find me http://www.hi5.com/friend/143994632–Doni–Profile-html PLEASE
kate said
OK Roushdat, thanks anyway…. Have a nice life Bye
raj said
Hey, man ….this is really nice off you. Thanks for educating us. I have a bit of a problem and I think you are the best to help. I have fallen a victim of this hi5 hack….I think. I have tried logging into my account but I can’t and everytime I ask the system to reset my password it say’s it has sent me an email about resetting….but no email in inbox…..so obviously who ever hacked in has changed email address settings.
Can you help me? All I want to do is delete my account, any chance you can assist? What do I do?
Please help….your assistance shall be highly appreciated. I shall await a response eagerly.
roushdat said
Hello Raj, recently hi5 has reset the passwords for all accounts (including yours). Thus most probably, it was not hacked, but the password has simply been reset.
Firstly make sure you are checking the mailbox with which your hi5 account was registered.
Secondly, check your spam or junk folder, it may be landing there…
And one of the easiest way to confirm whether your account was hacked, check if your hi5 profile is changing…if it is, please contact hi5 by reporting the profile, giving reasons that are valid and truthful. Hope this helps…
BILL MS said
ok great but what if u do not know the email the user is using to login into hi5?
roushdat said
then u have to find it out…if u have several emails of the user, you can input these email adds on hi5 and search the user. For one of the emails, you will get his profile.
BILL MS said
i am 99% sure that the user has given a fake e-mail. one that does not exist. so now i have to push the user to create one and then the rest..
roushdat said
i’m 99% the email should have existed when the user created the account.Simply because hi5 sends a confirmation email to that address…if it does not exist, then the account cannot be created
BILL MS said
Well she was asking about how to create an email. and actually hi5 does not send any confirmation email… thats what i remember at least!
javed said
hi i wana see how it works but i cant understand anything.wer should i write z programming???/plz help me…thx
roushdat said
you should write the code using a web-editor: for example dreamweaver or frontpage. You can use notepad as well… check out http://www.w3schools.com
javed said
hello!!!!!
can i knw if it iz possible to hack msn passwords???
and also is it possible to hack hi5 more easily plzzz.
roushdat said
nothing is unhackable, and yeah maybe there are easier ways, but sincerely i dont know them.If ever you, or anybody out there comes to know, i won’t mind you guyz sharing with me
javed said
hey 4 zese print screen,mo bizin al ecrire li dan mo edit section dan hi5????
javed said
plz
mail me in my email add
i badly need ur help….mo envi ki 2d em mo fini tir mo pic dan mo kam so profile….plzzzzzz
akuma said
This is very confusing for me, can you please give me a more detailed explanation of what I need to do in order to set the trap? my email is kathyvidic@gmail.com
Thank you in advance
kurungbang said
Hi roushdat ,
Nice blog and a good piece.. I have been trying myself very hard to make it work, but I am not able to do it.. things are getting really messy, can you please send me the necessary files and instructions.. to get this thing going..I’ll be very very greatful..
my mail address is .. kurungbang@googlemail.com
Thaks.
ziza said
could you please explain to me more detail coz i am not good to understanf the complex process well only_jae@hotmail.com thanks
Hacking? me? no way… but then, how can i ’show’ how to hack? :S « My quest for world presidency said
[...] ( http://roushdat.wordpress.com/2007/04/16/dont-mail-me-your-password-plz-p/) [...]
kurungbang said
I got this message:
“Warning: mail(): Failed to connect to mailserver at “localhost” port 25, verify your “SMTP” and “smtp_port” setting in php.ini or use ini_set() in c:\program files\easyphp1-8\www\hi5\login.php on line 14
Warning: Cannot modify header information – headers already sent by (output started at c:\program files\easyphp1-8\www\hi5\login.php:2) in c:\program files\easyphp1-8\www\hi5\login.php on line 15
chrysis said
i need a bit help… can you do it for me??
……….(send me an email so i can reply you the email that i want to find out the password and username) this is the email of the one i want to do it..
it’s a friend of mine and i am making this just for laugh..
please type that
hi5 from chrysis
i have given you a five. you can approve or reject the five at the following location
view five
thanks chrysis..
please send me the username and password of this friend of mine… at my email.. if you don’t want to do it just send me an email….
chrysis said
help…. someone please tell me exactly what should i copy and paste it and then send it….
Meagan said
Hi I need help, not sure if your willing to help anyone out to try and figure out how to do this. I have no idea what I’m doing but I want to get the password to a friends hi5 account. I tried to follow the steps but it is all too complicated for me. If you can help me out at all just let me know.
Thank you
david said
can you help me? i did not understand what i have to do, but i really need your help. unknown person is using my girlfriends photos and name on hi5 and i reported abuse but hi5 administration never minds. If you have time please contact.
Diana said
I have this error in login.php file.
Parse error: syntax error, unexpected T_VARIABLE in /www/vndv.com/g/a/u/gauss/htdocs/login.php on line 8
This is my login.php:
help me please!!
Diana said
Diana said
$msg = “email add= ” .$email ” and password=” .$password; ( line
Roushdat said
ensure u have the “;” at the end of each statement
» Wanna be a googlebot? My quest for world presidency: Planet earth’s blog… said
[...] You can check out a previous post about gaining access to hi5 accounts here [...]
zoiiii said
hiiii….:D i was looking for something like that for a long time and i’m veeeeery happy that i finally found it!!!!!:):):D
but, i want your help for something because i have a few problems…:/
can you give me your msn pleeeeease???? pleaseee…:D
TripleX said
roushdat i tried to use Outlook Express like you said before , to send emails like “info@hi5.com” but they always ask me for a real account name and password, so if i put in the email “info@hi5.com” then he ask me the login and password to use to send the emails and send with that name not “info@hi5.com”… i tried to use one program that allows me to send with the email that i want , but he ask me for the smtp server and all smtp’s need a real email and password too or they don’t work…
so… what program and what smtp servers do you use to send emails like “info@hi5.com” to other people ?? can you tell us ??
stratos said
can you help me please?
i can’t get it all
how can i create the login.php page and where can i put it to work?
the hi5_approvo_five.php? where i must put it?
i understand somethings but there are lack (for me)
can you explain me the whole thing better?
please help
broschi said
hi! can you please help do this hack for hi5?
hellraiser said
in post number 12 you are talking abt “The data will be sent to my own server”. i still cant understand hw to make this “server”. can u please mail me more details about it on: jokerbatman666@yahoo.com
please? thx..
vivian said
sgrsd
dante said
plz can someone help me with this? i have stuck where i have to create the login.php file! plz someone mail me on dante_ss3@yahoo.com
thnx a lot!
Stratos said
on post 102 my mail is stratosmylonas@yahoo.gr…
Jason said
Can u send a more detailed description on how to do it in my mail?
dr.J said
roushdat.. pls help me i need password from my friends bankacc., email, website ftp, and brain access… can u pls hack it for me.. all i will give u is a big thank you…..
guys u MUST be pathetic… stop wining around when i read this shit i fell the sum of puke coming up me throat… but amazingly u find all kinda funny excuses, reasons for roushy to hack for you! if u wanna hack hack urself also what he explained here is not hacking. its phishing and i dont mean fish… some of u guys here dont even know how to send an email, how could u possibly set up a server? if the stupid victim doesnt fill out the login form u can wait 4ever to get that login. u might aswell call the victim and present yourself as a hi5 system admin and tell them u need to confirm their login. if u lames realy want to phish his way.. at least studiy some basics about email. webserver php etc. those basic things u ask roushy…. also for edu. purposes u dont even need to do it online.. u can do it localy. whatever u put in to the login page will be mailed wether its correct or not.
another thing roushy…
i dont think its a good idea to help those guys setting up that phishing thing. you may not phish for others but other u helped setup phishing may help other to fish for themmaybe money involved. that puts them into a position of illegal cybercrime. that may not concern you but i think u should think twice. also as mentioned before the phisher can be tracked down, IF those beginners set it up the same way u explained. phishing is illegal in some countrys.
i belive if the time comes where phishing or hacking/cracking etc. would be as easy like p2p using torrent etc. that almost everyone can install and use without knowlegde of the technology behind, then the we’ll get these threats everyday in massiv amounts.
i hope u can understand my point. i also do think it important to explaint how it can be done and where’s the problem, but pls dont make it easy(er) for those beginners by helping them to bcaome potential phishers (without realizing possible consequenzes).
dr.J said
.. moreover i think your post eXplaines well enough how phishing works. but doesn’t hi-lite enough why it works.
ref.
Most users won’t take care about the weird looking link and that’s the problem with most surfers…they are not careful enough
DeathScythe said
$uname = “Idiot”;
$fname = “Roushat”;
$umail = “blahblah@mail.com”;
$fmail = “blahblah@mail.com”;
I change blahblah to my email address , correct?
what is Uname & Fname? what is that
ABY said
i can do this
its hard can you help me please
AlucarD said
Roushdat you are some genius
it works XDDDDD I already obtained some hi5 logins from noobs and some sweet girls and I didn’t even used spoofed emails I just created false “hi5 profile links” and posted them in my yahoo status message XDDD people really don’t pay attention and fall for it. There is a way to cover up your Emailadress over the the telnet console but Roushdat can you explain me how to use Outlook or Thunderbird for this ? because from the console you can sent only TEXT and no fency identical hi5 request with info@hi5.com :S Anyway this method is just awesome XD in future I SURE will pay more attention to links and authentification sessions 
last words thou… NEVER use this for evil purpose as it will make you paranoid and it’s also against privacy and you should not abuse it. I speak to the people who can actually can make this work out…
Bianca said
hi, i really really need 2 knw hw 2 do this cuz i left sum really really stupid comments on a dudes hi5. i ws young n foolish n nw its all coming back in skool n stuff… can u help me plz
beheader69 said
lol…now there are stupid people
B.T said
Roushdat….. this is my pleasure that have visited this site, i looking it for long time.
I very interneting with those kind of stuff…….but i have no idea about PHP.
I not a really smart learner…..so can u teach step by step….?? what does first thing i going to do….???? my english not really good sorry about that.??
thank for ur time……!!!
Nicky said
a video tutorial would be great! thanks anyway! great job.
Harry said
Hello
who can explain me how PHP it’s working…..please help
add me on yahoo: harrypotter23_07 or it’s fine here too…please, any help?
thanks
Cool said
I have been trying this phishing thing so many times over and over, and i just cant figure it out how the f*** its being done, i always give up after hours or trying to understand it
(no one seems to explain it detaily). Bout this one: i saved the login page of hi5 with the name login.php, then i opened the page with notepad, i edited the action part (picture #1, from “/friend/login.do” to “login.php”) and that’s all about from picture #1, now picture #2 i didn’t understand at all, where should i find that part in the file to edit it? or should i just add it somewhere/anywhere to the file or what? I would be thankful if you make like a list what should i do (to make it more understandable, like number 1 you should do this, number 2 this, etc etc). Or if you could post some link of some phishing application (without programing).
Cool said
Hey Roushdat (Am still trying to figure it out… wont give up this time) i looked some other forums, and i created these two files (login.php and phish.php), so now if you could just tell me some good free php hosting website servise to upload them at? http://deadfake.com/Send.aspx this is a good link i found to send emails from (to change the “from”, for ex. to info@hi5.com)
Cool said
I’ve done it.. :p
freeboy said
Roushdat… How did you created a login.php page and where did you placed it????
Cool said
Freeboy,
This link helped me out (already got some passw.. :p). http://www.messblack.com/v2/forum/index.php?showtopic=11988 take a look
Anna said
Hey Roushdat..I have a problem…
How can I change the value for the View five link in the mail?
Be said
Hello, could you find the pass of a hi5, please?
Gratefully
Be said
sorry, the e-mail its wrong.
anabeatrizbmarques@gmail.com
Harry said
At last…..I did it…..to those who don’t have a host here is a good one…just upload your 2 files and it works fine: http://www.zymic.com/
Adry said
Roushdat i really need your help m8 add me to yahoo ady_the_rogue@yahoo.com